CVE-2017-5645

EPSS 94.01% · P100 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2017-5645

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Apache Log4j 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Apache Log4j是美国阿帕奇（Apache）基金会的一款基于Java的开源日志记录工具。 Apache Log4j 2.8.2之前的2.x版本中存在代码问题漏洞。攻击者可利用该漏洞执行任意代码。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Apache Software Foundation	Apache Log4j	All versions between 2.0-alpha1 and 2.8.1	-

II. Public POCs for CVE-2017-5645

#	POC Description	Source Link	Shenlong Link
1	CVE-2017-5645 - Apache Log4j RCE due Insecure Deserialization	https://github.com/pimps/CVE-2017-5645	POC Details
2	In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.	https://github.com/projectdiscovery/nuclei-templates/blob/main/network/cves/2017/CVE-2017-5645.yaml	POC Details
3	None	https://github.com/Threekiii/Awesome-POC/blob/master/%E4%B8%AD%E9%97%B4%E4%BB%B6%E6%BC%8F%E6%B4%9E/Apache%20Log4j%20Server%20%E5%8F%8D%E5%BA%8F%E5%88%97%E5%8C%96%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E%20CVE-2017-5645.md	POC Details
4		https://github.com/vulhub/vulhub/blob/master/log4j/CVE-2017-5645/README.md	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2017-5645

请登录查看更多情报信息。

🔗 https://issues.apache.org/jira/browse/LOG4J2-1863x_refsource_CONFIRM
🔗 https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
🔗 http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
🔗 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
🔗 https://security.netapp.com/advisory/ntap-20180726-0002/x_refsource_CONFIRM
🔗 https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
🔗 http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
🔗 https://security.netapp.com/advisory/ntap-20181107-0002/x_refsource_CONFIRM
🔗 https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
🔗 https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
🔗 https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
🔗 https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
🔗 https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
🔗 https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
🔗 https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
🔗 https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
🔗 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
🔗 http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
🔗 https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
🔗 http://www.securityfocus.com/bid/97702vdb-entryx_refsource_BID
🔗 http://www.securitytracker.com/id/1040200vdb-entryx_refsource_SECTRACK
🔗 http://www.securitytracker.com/id/1041294vdb-entryx_refsource_SECTRACK
🔗 https://access.redhat.com/errata/RHSA-2017:2889vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2633vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:1801vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:1417vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2635vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:1802vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:3244vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2637vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2638vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:3400vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2809vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2810vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:3399vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2636vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2808vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2811vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2423vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2017:2888vendor-advisoryx_refsource_REDHAT
🔗 https://access.redhat.com/errata/RHSA-2019:1545vendor-advisoryx_refsource_REDHAT
🔗 https://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc%40%3Cdev.logging.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917%40%3Cannounce.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 [CVE-2019-17571] Apache Log4j 1.2 deserialization of untrusted data in SocketServer-Apache Mail Archivesmailing-listx_refsource_MLIST
🔗 http://www.openwall.com/lists/oss-security/2019/12/19/2mailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9%40%3Cdev.logging.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d%40%3Ccommits.logging.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287%40%3Cissues.beam.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60%40%3Cdev.tika.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78%40%3Cissues.activemq.apache.org%3Emailing-listx_refsource_MLIST
🔗 [jira] [Commented] (AMQ-7370) log4j 1.2 version used by AMQ 5.15.10 / 5.15.11 is vulnerable to CVE-2019-17571-Apache Mail Archivesmailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422%40%3Ccommits.doris.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rdbd579dc223f06af826d7de340218ee2f80d8b43fa7e4decb2a63f44%40%3Cgithub.beam.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83%40%3Cgithub.beam.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8%40%3Cgithub.beam.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-listx_refsource_MLIST
🔗 https://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f%40%3Cgithub.beam.apache.org%3Emailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2017-5645

Same Patch Batch · Apache Software Foundation · 2017-04-17 · 7 CVEs total

CVE-2016-5396		Apache Traffic Server 安全漏洞
CVE-2017-5659		Apache Traffic Server 安全漏洞
CVE-2017-5647		Apache Tomcat 安全漏洞
CVE-2017-5648		Apache Tomcat 安全漏洞
CVE-2017-5650		Apache Tomcat 安全漏洞
CVE-2017-5651		Apache Tomcat 安全漏洞

IV. Related Vulnerabilities

Same product: Apache Log4j

Same vendor: Apache Software Foundation

V. Comments for CVE-2017-5645

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2017-5645

I. Basic Information for CVE-2017-5645

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2017-5645

III. Intelligence Information for CVE-2017-5645

Same Patch Batch · Apache Software Foundation · 2017-04-17 · 7 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2017-5645

Leave a comment