In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent that, when deserialized, can execute arbitrary code. (CVE-2017-5645)
Impact
There is no impact; F5 products are not affected by this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.5.5 | |
big-ip afm | eq | 11.6.1 | |
big-ip afm | eq | 11.6.2 | |
big-ip afm | eq | 11.6.3 | |
big-ip afm | eq | 12.0.0 | |
big-ip afm | eq | 12.1.0 |