Apache Log4j is a Java-based logging utility. When Apache Log4j is using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code.
Apache Log4j Versions Affected: all versions from 2.0-alpha1 to 2.8.1.
- Upgrade to the latest version of Apache Log4j. This vulnerability was fixed in Apache Log4j version 2.8.2.
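To find installations that still fall in the affected range given above, the following added example (not part of the original advisory or of Log4j) classifies jar file names against 2.0-alpha1 through 2.8.1. It assumes the Maven-style file name `log4j-core-<version>.jar`; the function names and sample paths are constructed for illustration.

```python
import re

# Affected range as stated on this page: 2.0-alpha1 through 2.8.1 (fixed in 2.8.2).
_QUAL_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before the release
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$")
_JAR_RE = re.compile(r"log4j-core-(.+?)\.jar$")  # assumed Maven-style artifact name

def version_key(version):
    """Return a sortable tuple for a Log4j 2 version string, or None if unparseable."""
    m = _VERSION_RE.match(version.strip().lower())
    if not m:
        return None
    major, minor, patch, qual, qual_num = m.groups()
    return (int(major), int(minor), int(patch or 0), _QUAL_RANK[qual], int(qual_num or 0))

FIRST_AFFECTED = version_key("2.0-alpha1")
LAST_AFFECTED = version_key("2.8.1")

def classify(version):
    """Return 'affected', 'not-affected', or 'unknown' (needs manual review)."""
    key = version_key(version)
    if key is None:
        return "unknown"  # e.g. SNAPSHOT or vendor-patched builds: do not guess
    return "affected" if FIRST_AFFECTED <= key <= LAST_AFFECTED else "not-affected"

def scan_paths(paths):
    """Map each log4j-core jar path to its classification; other files are skipped."""
    findings = {}
    for path in paths:
        m = _JAR_RE.search(path)
        if m:
            findings[path] = classify(m.group(1))
    return findings

if __name__ == "__main__":
    # Constructed sample inventory, such as the output of a jar file search.
    sample = [
        "/opt/app/lib/log4j-core-2.0-beta9.jar",
        "/opt/app/lib/log4j-core-2.8.1.jar",
        "/srv/svc/lib/log4j-core-2.8.2.jar",
        "/srv/svc/lib/log4j-core-2.9.0-SNAPSHOT.jar",
        "/srv/svc/lib/commons-io-2.6.jar",
    ]
    for path, status in scan_paths(sample).items():
        print(f"{status:13} {path}")
```

A file name match only shows that an affected library version is present; whether the TCP or UDP socket server is actually in use has to be confirmed from the application's configuration.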