7.5
CVSSv2

CVE-2017-5645

Published: 17/04/2017 Updated: 01/07/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Apache Log4j 2.x prior to 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache log4j 2.8.1

apache log4j 2.0

apache log4j 2.0.2

apache log4j 2.2

apache log4j 2.6.2

apache log4j 2.8

apache log4j 2.3

apache log4j 2.0.1

apache log4j 2.6

apache log4j 2.5

apache log4j 2.4.1

apache log4j 2.6.1

apache log4j 2.7

apache log4j 2.4

apache log4j 2.1

netapp oncommand api services -

netapp oncommand insight -

netapp oncommand workflow automation -

netapp snapcenter -

netapp storage automation store -

netapp service level manager -

redhat enterprise linux server aus 7.6

redhat enterprise linux server eus 7.4

redhat enterprise linux server eus 7.5

redhat enterprise linux server eus 7.6

redhat enterprise linux 6.0

redhat enterprise linux 7.0

redhat enterprise linux desktop 7.0

redhat enterprise linux workstation 7.0

redhat enterprise linux server tus 7.6

redhat enterprise linux 7.3

redhat enterprise linux 7.4

redhat enterprise linux 7.5

redhat enterprise linux server 7.0

redhat enterprise linux 6.7

redhat enterprise linux server aus 7.4

redhat enterprise linux server tus 7.4

redhat enterprise linux 7.6

oracle policy automation for mobile devices 12.1.0

oracle policy automation for mobile devices 12.1.1

oracle policy automation for mobile devices 12.2.0

oracle policy automation for mobile devices 12.2.1

oracle policy automation 12.2.0

oracle policy automation 12.2.1

oracle policy automation 12.2.2

oracle policy automation 12.2.3

oracle insurance policy administration 10.1

oracle insurance policy administration 10.2

oracle insurance policy administration 11.0

oracle fusion middleware mapviewer 12.2.1.2

oracle api gateway 11.1.2.4.0

oracle retail open commerce platform 6.0.1

oracle retail open commerce platform 5.3.0

oracle retail open commerce platform 6.0.0

oracle banking platform 2.6.1

oracle banking platform 2.6.2

oracle communications webrtc session controller

oracle enterprise manager for peoplesoft 13.1.1.1

oracle enterprise manager for peoplesoft 13.2.1.1

oracle communications converged application server - service controller 6.1

oracle communications online mediation controller 6.1

oracle communications service broker 6.0

oracle bi publisher 12.2.1.4.0

oracle bi publisher 11.1.1.7.0

oracle bi publisher 11.1.1.9.0

oracle bi publisher 12.2.1.3.0

oracle retail extract transform and load 13.2

oracle utilities work and asset management 1.9.1.2.12

oracle retail integration bus 14.0.0

oracle policy automation for mobile devices 10.4.7

oracle policy automation for mobile devices 12.2.2

oracle policy automation for mobile devices 12.2.4

oracle policy automation connector for siebel 10.4.6

oracle policy automation 12.1.0

oracle flexcube investor servicing 12.1.0

oracle enterprise manager base platform 12.1.0.5

oracle jdeveloper 11.1.1.9.0

oracle jdeveloper 12.1.3.0.0

oracle retail integration bus 15.0

oracle flexcube investor servicing 12.4.0

oracle soa suite 12.1.3.0.0

oracle identity analytics 11.1.1.5.8

oracle siebel ui framework 18.7

oracle siebel ui framework 18.9

oracle flexcube investor servicing 14.0.0

oracle tape library acsls 8.4

oracle insurance calculation engine 10.2.1

oracle insurance rules palette 11.1

oracle banking platform 2.6.0

oracle enterprise manager for oracle database 12.1.0.8

oracle enterprise manager for mysql database

oracle enterprise manager for fusion middleware 13.2.0.0

oracle enterprise manager base platform 13.2.0.0

oracle communications pricing design center 11.1

oracle communications pricing design center 12.0

oracle goldengate application adapters 12.3.2.1.1

oracle soa suite 12.2.2.0.0

oracle configuration manager 12.1.2.0.2

oracle identity management suite 12.2.1.3.0

oracle retail extract transform and load 13.1

oracle autovue vuelink integration 21.0.0

oracle retail predictive application server 15.0.3

oracle retail integration bus 14.1.0

oracle policy automation for mobile devices 12.2.6

oracle policy automation for mobile devices 12.2.7

oracle policy automation for mobile devices 12.2.8

oracle policy automation for mobile devices 12.2.9

oracle policy automation 12.2.5

oracle policy automation 12.2.7

oracle policy automation 12.2.8

oracle policy automation 12.2.9

oracle policy automation 12.2.10

oracle peoplesoft enterprise fin install 9.2

oracle mysql enterprise monitor

oracle enterprise data quality 12.2.1.3.0

oracle financial services profitability management 6.1.1

oracle financial services loan loss forecasting and provisioning 8.0.5

oracle financial services hedge management and ifrs valuations 8.0.4

oracle financial services hedge management and ifrs valuations 8.0.5

oracle financial services behavior detection platform

oracle financial services analytical applications infrastructure

oracle flexcube investor servicing 12.3.0

oracle jd edwards enterpriseone tools 9.2

oracle flexcube investor servicing 12.0.4

oracle siebel ui framework 18.8

oracle insurance rules palette 10.0

oracle insurance rules palette 10.2

oracle insurance calculation engine 10.1.1

oracle insurance rules palette 10.1

oracle insurance rules palette 11.0

oracle retail integration bus 16.0

oracle enterprise manager for oracle database 13.2.2

oracle enterprise manager for fusion middleware 12.1.0.5

oracle jdeveloper 12.2.1.3.0

oracle communications messaging server

oracle configuration manager 12.1.2.0.5

oracle identity management suite 11.1.2.3.0

oracle retail extract transform and load 13.0

oracle autovue vuelink integration 21.0.1

oracle retail clearance optimization engine 14.0.5

oracle policy automation for mobile devices 12.2.3

oracle policy automation for mobile devices 12.2.5

oracle policy automation for mobile devices 12.2.10

oracle policy automation 10.4.7

oracle policy automation 12.1.1

oracle policy automation 12.2.4

oracle policy automation 12.2.6

oracle insurance policy administration 10.0

oracle fusion middleware mapviewer 12.2.1.3

oracle financial services profitability management

oracle financial services loan loss forecasting and provisioning 8.0.4

oracle financial services behavior detection platform 6.1.1

Vendor Advisories

Synopsis Important: Red Hat JBoss BRMS 646 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss BRMSRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, wh ...
Synopsis Important: Red Hat JBoss BPM Suite 646 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss BPM SuiteRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base ...
Synopsis Important: rh-java-common-log4j security update Type/Severity Security Advisory: Important Topic An update for rh-java-common-log4j is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scori ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 52 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Commo ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform 52 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 5 for Red Hat Enterprise Linux 5 and Red Hat JBoss Enterprise Application Platform 5 for Red Hat ...
Debian Bug report logs - #860489 apache-log4j2: CVE-2017-5645: socket receiver deserialization vulnerability Package: src:apache-log4j2; Maintainer for src:apache-log4j2 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 Apr 20 ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application PlatformRed Hat Product Security has rated this update as having a security impact of Important A Common Vu ...
Synopsis Important: Red Hat JBoss Data Grid 711 security update Type/Severity Security Advisory: Important Topic Red Hat JBoss Data Grid 711 is now available for download from the Customer PortalRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerabil ...
Synopsis Important: Red Hat JBoss Web Server Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Sys ...
Synopsis Important: eap7-jboss-ec2-eap security update Type/Severity Security Advisory: Important Topic An update for eap7-jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 6 and Red Hat JBoss Enterprise Application Platform 70 for Red Hat Ent ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a securi ...
Synopsis Important: Red Hat Fuse 731 security update Type/Severity Security Advisory: Important Topic A micro version update (from 73 to 731) is now available for Red Hat Fuse The purpose of this text-only errata is to inform you about the security issues fixed in this releaseRed Hat Product Security ...
Synopsis Important: Red Hat JBoss Web Server 310 Service Pack 1 security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Web Server 31 for RHEL 6 and Red Hat JBoss Web Server 31 for RHEL 7Red Hat Product Security has rated this update as having a sec ...
Synopsis Important: Red Hat JBoss Enterprise Application Platform security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat JBoss Enterprise Application Platform 70 for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a securi ...
Debian Bug report logs - #947124 apache-log4j12: CVE-2019-17571 Package: src:apache-log4j12; Maintainer for src:apache-log4j12 is Debian Java Maintainers <pkg-java-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 21 Dec 2019 13:39:01 UTC Severity: grave Tags: s ...
It was found that when using remote logging with log4j socket server the log4j server would deserialize any log event received via TCP or UDP An attacker could use this flaw to send a specially crafted log event that, during deserialization, would execute arbitrary code in the context of the logger application ...
Oracle Critical Patch Update Advisory - April 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous ...
Oracle Critical Patch Update Advisory - July 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous C ...
Oracle Critical Patch Update Advisory - January 2019 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Linux Bulletin - July 2017 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released ...
Oracle Critical Patch Update Advisory - October 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...
Oracle Critical Patch Update Advisory - January 2018 Description A Critical Patch Update is a collection of patches for multiple security vulnerabilities Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previou ...

Mailing Lists

CVE-2019-17571: Deserialization of untrusted data in SocketServer Severity: Critical CVSS:30/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/RL:W Product: Apache Log4j Versions Affected: Apache Log4j up to and including 1227 Separately fixed by CVE-2017-5645 in Log4j 282 Problem type: CWE-502: Deserialization of Untrusted Data Description: Include ...

Github Repositories

CVE-2017-5645 - Apache Log4j RCE due Insecure Deserialization

CVE-2017-5645 CVE-2017-5645 - Apache Log4j RCE due Insecure Deserialization

Apache Log4j Server 反序列化命令执行漏洞(CVE-2017-5645) Apache Log4j是一个用于Java的日志记录库,其支持启动远程日志服务器。Apache Log4j 282之前的2x版本中存在安全漏洞。攻击者可利用该漏洞执行任意代码。 漏洞环境 执行如下命令启动漏洞环境 docker-compose up -d 环境启动后,将在4712端口开

Apache Log4j 1.2.X存在反序列化远程代码执行漏洞

CVE-2019-17571/Apache Log4j 12X存在反序列化远程代码执行漏洞 漏洞预警参考链接: mpweixinqqcom/s/okU2y0izfnKXXtXG3EfLkQ 1 漏洞描述 Apache Log4j是美国阿帕奇(Apache)软件基金会的一款基于Java的开源日志记录工具Apache Log4j 12X系列版本中存在反序列化远程代码执行漏洞攻击者可利用该漏洞执

抓取 Weblogic 等 Oracle 组件的历史漏洞信息

一个 Oracle 历史漏洞爬取工具 通过制定关键字,可以自动检索 WebLogic, Database, Management Center, Testing Suite 等历史漏洞并统计。 准备 go build 运行 检索所有历史 WebLogic 漏洞,输出到屏幕 /main --filter WebLogic 检索所有历史 WebLogic 漏洞, 输出到 weblogicmd /main --filter WebLogic --output weblogicmd

https://51pwn.com,Awesome Penetration Testing,hacker tools collection, metasploit exploit, meterpreter....struts2、weblogic, 0day,poc,apt,backdoor,VulApps,vuln,pentest-script

Twitter: @Hktalent3135773 penetration tools dependencies Command Description kali linux recommend system node js program runtime javac, java auto generate payload metasploit auto generate payload, and autoexploit gcc auto generate payload tmux auto background send payload, shell Bash base64, tr, nc, auto generate payload python auto genera

The cheat sheet about Java Deserialization vulnerabilities

Java-Deserialization-Cheat-Sheet A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries Please, use #javadeser hash tag for tweets Table of content Java Native Serialization (binary) Overview Main talks & presentations & docs Payload generators Exploits Detect Vulnerable apps (without

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs This is a dataset of CVEs related to Java Deserialization Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/31 risk CV

Recent Articles

How much does Oracle love you? Thiiiis much: Latest patch bundle has 402 fixes
The Register • Gareth Corfield • 21 Oct 2020

How many times do you want to read the CVSS rating 9.8 today?

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.
In all, there are 230 CVE-listed bugs fixed across 27 Oracle products, according to Tenable, which noted Big Red's record is still July 2020 with more than 440 patches.
"Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has ...

Oracle whips out the swatter, squishes 254 security bugs in its gear
The Register • Shaun Nichols in San Francisco • 19 Apr 2018

Java fixes lobbed out, Spectre Solaris patches issued

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products.
Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3.
Java was on...

Oracle whips out the swatter, squishes 254 security bugs in its gear
The Register • Shaun Nichols in San Francisco • 19 Apr 2018

Java fixes lobbed out, Spectre Solaris patches issued Flash! Ah-ahhh! WebEx pwned for all of us!

Oracle this week emitted its April security update, addressing a total of 254 security vulnerabilities across dozens of products.
Among the more noteworthy patches is a fix for lingering Spectre-related vulnerabilities in Solaris systems – specifically, CVE-2017-5753, also known as Spectre variant 1. Oracle had mitigated most of the Spectre/Meltdown processor design bugs in its products back in January. This update applies further fixes for Solaris versions 10 and 11.3.
Java was on...

The Register

Oracle has released its final quarterly batch of patches for the year for security flaws in its products. The total this time? 402 fixes, the bulk of which are rated critical in terms of severity.
In all, there are 230 CVE-listed bugs fixed across 27 Oracle products, according to Tenable, which noted Big Red's record is still July 2020 with more than 440 patches.
"Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has ...

References

CWE-502https://issues.apache.org/jira/browse/LOG4J2-1863http://www.securityfocus.com/bid/97702https://access.redhat.com/errata/RHSA-2017:3244https://access.redhat.com/errata/RHSA-2017:2889https://access.redhat.com/errata/RHSA-2017:2888https://access.redhat.com/errata/RHSA-2017:2811https://access.redhat.com/errata/RHSA-2017:2810https://access.redhat.com/errata/RHSA-2017:2809https://access.redhat.com/errata/RHSA-2017:2808https://access.redhat.com/errata/RHSA-2017:3400https://access.redhat.com/errata/RHSA-2017:3399https://access.redhat.com/errata/RHSA-2017:2638https://access.redhat.com/errata/RHSA-2017:2637https://access.redhat.com/errata/RHSA-2017:2636https://access.redhat.com/errata/RHSA-2017:2635https://access.redhat.com/errata/RHSA-2017:2633https://access.redhat.com/errata/RHSA-2017:2423https://access.redhat.com/errata/RHSA-2017:1802https://access.redhat.com/errata/RHSA-2017:1801https://access.redhat.com/errata/RHSA-2017:1417http://www.securitytracker.com/id/1040200http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlhttps://security.netapp.com/advisory/ntap-20180726-0002/http://www.securitytracker.com/id/1041294http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlhttps://security.netapp.com/advisory/ntap-20181107-0002/https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlhttps://access.redhat.com/errata/RHSA-2019:1545https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlhttps://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3Ehttps://lists.apache.org/thread.html/e8fb7d76a244ee997ba4b217d6171227f7c2521af8c7c5b16cba27bc@%3Cdev.logging.apache.org%3Ehttps://lists.apache.org/thread.html/eea03d504b36e8f870e8321d908e1def1addda16adda04327fe7c125@%3Cdev.logging.apache.org%3Ehttps://lists.apache.org/thread.html/84cc4266238e057b95eb95dfd8b29d46a2592e7672c12c92f68b2917@%3Cannounce.apache.org%3Ehttp://www.openwall.com/lists/oss-security/2019/12/19/2https://lists.apache.org/thread.html/0dcca05274d20ef2d72584edcf8c917bbb13dbbd7eb35cae909d02e9@%3Cdev.logging.apache.org%3Ehttps://lists.apache.org/thread.html/8ab32b4c9f1826f20add7c40be08909de9f58a89dc1de9c09953f5ac@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/44491fb9cc19acc901f7cff34acb7376619f15638439416e3e14761c@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/277b4b5c2b0e06a825ccec565fa65bd671f35a4d58e3e2ec5d0618e1@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/479471e6debd608c837b9815b76eab24676657d4444fcfd5ef96d6e6@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/6114ce566200d76e3cc45c521a62c2c5a4eac15738248f58a99f622c@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rf2567488cfc9212b42e34c6393cfa1c14e30e4838b98dda84d71041f@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/r3a85514a518f3080ab1fc2652cfe122c2ccf67cfb32356acb1b08fe8@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/rc1eaed7f7d774d5d02f66e49baced31e04827a1293d61a70bd003ca7@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/r681b4432d0605f327b68b9f8a42662993e699d04614de4851c35ffd1@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/ra38785cfc0e7f17f8e24bebf775dd032c033fadcaea29e5bc9fffc60@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/rdec0d8ac1f03e6905b0de2df1d5fcdb98b94556e4f6cccf7519fdb26@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/r746fbc3fc13aee292ae6851f7a5080f592fa3a67b983c6887cdb1fc5@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/rca24a281000fb681d7e26e5c031a21eb4b0593a7735f781b53dae4e2@%3Cdev.tika.apache.org%3Ehttps://lists.apache.org/thread.html/r4b25538be50126194cc646836c718b1a4d8f71bd9c912af5b59134ad@%3Cdev.tika.apache.org%3Ehttps://www.oracle.com/security-alerts/cpujan2020.htmlhttps://lists.apache.org/thread.html/r7bcdc710857725c311b856c0b82cee6207178af5dcde1bd43d289826@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rd5dbeee4808c0f2b9b51479b50de3cc6adb1072c332a200d9107f13e@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/r2ff63f210842a3c5e42f03a35d8f3a345134d073c80a04077341c211@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/raedd12dc24412b3780432bf202a2618a21a727788543e5337a458ead@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/r3d666e4e8905157f3c046d31398b04f2bfd4519e31f266de108c6919@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/r61590890edcc64140e0c606954b29a063c3d08a2b41d447256d51a78@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/r2ce8d26154bea939536e6cf27ed02d3192bf5c5d04df885a80fe89b3@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/re8c21ed9dd218c217d242ffa90778428e446b082b5e1c29f567e8374@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/r18f1c010b554a3a2d761e8ffffd8674fd4747bcbcf16c643d708318c@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rb1b29aee737e1c37fe1d48528cb0febac4f5deed51f5412e6fdfe2bf@%3Cissues.activemq.apache.org%3Ehttps://www.oracle.com/security-alerts/cpuapr2020.htmlhttps://lists.apache.org/thread.html/ra9a682bc0a8dff1c5cefdef31c7c25f096d9121207cf2d74e2fc563d@%3Ccommits.logging.apache.org%3Ehttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/r3784834e80df2f284577a5596340fb84346c91a2dea6a073e65e3397@%3Cissues.activemq.apache.org%3Ehttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3Ehttps://www.oracle.com/security-alerts/cpuoct2020.htmlhttps://www.oracle.com/security-alerts/cpujan2021.htmlhttps://lists.apache.org/thread.html/rcbb79023a7c8494cb389cd3d95420fa9e0d531ece0b780b8c1f99422@%3Ccommits.doris.apache.org%3Ehttps://lists.apache.org/thread.html/r0831e2e52a390758ce39a6193f82c11c295175adce6e6307de28c287@%3Cissues.beam.apache.org%3Ehttps://www.oracle.com/security-alerts/cpuApr2021.htmlhttps://lists.apache.org/thread.html/rbfa7a0742be4981a3f9356a23d0e1a5f2e1eabde32a1a3d8e41420f8@%3Cgithub.beam.apache.org%3Ehttps://lists.apache.org/thread.html/r23369fd603eb6d62d3b883a0a28d12052dcbd1d6d531137124cd7f83@%3Cgithub.beam.apache.org%3Ehttps://lists.apache.org/thread.html/r9d5c1b558a15d374bd5abd2d3ae3ca7e50e796a0efdcf91e9c5b4cdd@%3Cgithub.beam.apache.org%3Ehttps://lists.apache.org/thread.html/r94b5aae09c4bcff5d06cf641be17b00bd83ba7e10cad737bf16a1b8f@%3Cgithub.beam.apache.org%3Ehttps://access.redhat.com/errata/RHSA-2017:2888https://github.com/pimps/CVE-2017-5645https://nvd.nist.govhttps://www.securityfocus.com/bid/97702https://tools.cisco.com/security/center/viewAlert.x?alertId=54751