CVE-2017-5645

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.

Date published : 2017-04-17

http://www.securityfocus.com/bid/97702

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html