Description

Apache Log4j is a Java-based logging utility. When Apache Log4j is using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Apache Log4j Versions Affected: all versions from 2.0-alpha1 to 2.8.1.

Remediation

Upgrade to the latest version of Apache Log4j. This vulnerability was fixed in Apache Log4j version 2.8.2.
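To find installations that still need the upgrade, the affected range stated above (2.0-alpha1 to 2.8.1) can be checked against jar file names. The following is an added example, not part of the original advisory or of the Log4j project; it assumes jars follow the `log4j-core-<version>.jar` naming, and the function names and sample file names are constructed for illustration.

```python
import re
from pathlib import Path

# Pre-release qualifiers sort below the final release of the same number.
_QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?$", re.IGNORECASE)
_JAR_RE = re.compile(r"^log4j-core-(.+)\.jar$")  # assumed naming convention

def version_key(version):
    """Turn '2.0-beta9' or '2.8.1' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))          # so 2.8 compares equal to 2.8.0
    qualifier = (m.group(2) or "").lower()
    return (tuple(nums), _QUALIFIER_RANK[qualifier], int(m.group(3) or 0))

FIRST_AFFECTED = version_key("2.0-alpha1")
LAST_AFFECTED = version_key("2.8.1")

def is_affected(version):
    """True if version falls in the advisory's range 2.0-alpha1 .. 2.8.1."""
    return FIRST_AFFECTED <= version_key(version) <= LAST_AFFECTED

def scan_names(names):
    """Map each log4j-core jar name to 'affected', 'ok' or 'unknown'."""
    report = {}
    for name in names:
        m = _JAR_RE.match(Path(name).name)
        if not m:
            continue                        # not a log4j-core jar
        try:
            report[name] = "affected" if is_affected(m.group(1)) else "ok"
        except ValueError:
            report[name] = "unknown"        # e.g. a SNAPSHOT build: review by hand
    return report

# Constructed sample file names, not taken from a real system.
SAMPLE = ["lib/log4j-core-2.0-rc1.jar", "lib/log4j-core-2.8.1.jar",
          "lib/log4j-core-2.8.2.jar", "lib/log4j-core-2.9.0-SNAPSHOT.jar",
          "lib/log4j-api-2.8.1.jar"]

if __name__ == "__main__":
    for jar, status in scan_names(SAMPLE).items():
        print(f"{status:9} {jar}")
```

Here "ok" means only that the version lies outside the range this advisory states. Jars that were renamed or bundled inside other archives are not detected by a file-name check.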
