Lucene search

CVE-2021-45046

🗓️ 14 Dec 2021 00:00:00Reported by AttackerKBType

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations, allowing attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default

Reporter	Title	Published	Views	Family All 199
Prion	Default configuration	14 Dec 202119:15	–	prion
Prion	Authorization	24 Aug 202216:15	–	prion
Prion	Race condition	17 Jun 202213:15	–	prion
Tenable Nessus	Amazon Linux 2 : java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk (ALAS-2021-1731)	18 Dec 202100:00	–	nessus
Tenable Nessus	Amazon Linux AMI : java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk (ALAS-2021-1553)	18 Dec 202100:00	–	nessus
Tenable Nessus	Splunk Enterprise 8.1.x < 8.1.7.2 / 8.2.x < 8.2.3.3 Log4j	25 Feb 202200:00	–	nessus
Tenable Nessus	Palo Alto Networks PAN-OS for Panorama < 9.0.15 / 9.1.12-h3 / 10.0.8-h8 Multiple RCE (Log4Shell)	10 Feb 202200:00	–	nessus
Tenable Nessus	FreeBSD : graylog -- remote code execution in log4j from user-controlled log input (650734b2-7665-4170-9a0a-eeced5e10a5e)	21 Dec 202100:00	–	nessus
Tenable Nessus	Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)	15 Dec 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1806)	16 Jun 202200:00	–	nessus

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
oracle	www.oracle.com/security-alerts/alert-cve-2021-44228.html
openwall	www.openwall.com/lists/oss-security/2021/12/14/4
logging	www.logging.apache.org/log4j/2.x/security.html
kb	www.kb.cert.org/vuls/id/930724
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
intel	www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
openwall	www.openwall.com/lists/oss-security/2021/12/15/3

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Dec 2021 00:00Current

9.8High risk

Vulners AI Score9.8

CVSS29.3

CVSS310

EPSS0.97112