Description
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
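A version check for the affected range stated above, as an added example that is not part of the original advisory or of the Log4j project: it flags `log4j-core` 2.x jars older than 2.8.2 by file name. It assumes jars keep the Maven naming `log4j-core-<version>.jar`; the sample paths are constructed, and a hit only matters where the TCP or UDP socket server actually receives serialized log events.

```python
import re

FIXED = (2, 8, 2)  # first release outside the affected range given above

# Assumption: jars keep the Maven file name log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)(?:[-.]([A-Za-z][\w.-]*))?\.jar$")
PRERELEASE_RE = re.compile(r"(alpha|beta|rc|snapshot)", re.IGNORECASE)


def parse_version(text):
    """Pad or trim the dotted number to three fields: '2.7' -> (2, 7, 0)."""
    fields = [int(p) for p in text.split(".")][:3]
    return tuple(fields + [0] * (3 - len(fields)))


def is_affected(path):
    """True when path names a log4j-core 2.x jar older than 2.8.2."""
    match = JAR_RE.search(path)
    if not match:
        return False  # other artifacts, including log4j 1.x
    version = parse_version(match.group(1))
    qualifier = match.group(2) or ""
    if version[0] != 2:
        return False
    # Compare as integers so 2.10.0 is not mistaken for something below 2.8.2.
    if version < FIXED:
        return True
    # A pre-release build of 2.8.2 precedes the release; flag it conservatively.
    return version == FIXED and PRERELEASE_RE.match(qualifier) is not None


def find_affected(paths):
    """Return the paths that fall in the affected range, in input order."""
    return [p for p in paths if is_affected(p)]


# Constructed sample inventory, e.g. the output of a file listing.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.8.1.jar",
    "/opt/app/lib/log4j-core-2.8.2.jar",
    "/srv/svc/BOOT-INF/lib/log4j-core-2.10.0.jar",
    "/srv/old/log4j-core-2.0-beta9.jar",
    "/srv/old/log4j-1.2.17.jar",
]

if __name__ == "__main__":
    for hit in find_affected(SAMPLE_PATHS):
        print("affected:", hit)
```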
Remediation
References