
5238 matches found

IBM Security Bulletins
added 2021/12/22 10:38 p.m., 45 views

Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Control Center (CVE-2021-45105)

Summary: Apache Log4j Vulnerability Affects IBM Sterling Control Center CVE-2021-45105. Customers are encouraged to take action and apply the fix below. Vulnerability Details: CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service, caused by the failure to protect from...

5.9 CVSS, 1.2 AI score, 0.74016 EPSS
Exploits 20, Affected Software 1

OSV
added 2021/12/22 6:11 a.m., 9 views

OPENSUSE-SU-2021:1605-1 Security update for log4j

This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. bsc1193887, bsc1193888 This update was imported from the SUSE:SLE-15-SP2:Update update project...

5.9 CVSS, 6.3 AI score, 0.74016 EPSS
Exploits 20, References 4

OPENSUSE Linux
added 2021/12/22 12:0 a.m., 45 views

Security update for log4j (important)

openSUSE Security Update: Security update for log4j Announcement ID: openSUSE-SU-2021:1605-1 Rating: important References: 1193887 1193888 Cross-References: CVE-2021-45105 CVSS scores: CVE-2021-45105 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.2 An...

7.5 CVSS, 8.6 AI score, 0.74016 EPSS
Exploits 20, References 2

Broadcom
added 2021/12/21 12:0 a.m., 7 views

BSA-2021-1655

Security Advisory ID : BSA-2021-1655 Component : Apache Log4j StrSubstitutor Revision : 1.0 Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layo...

5.9 CVSS, 6.6 AI score, 0.74016 EPSS
Exploits 20

Tenable Nessus
added 2021/12/21 12:0 a.m., 45 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4118-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:4118-1 advisory. - Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This...

5.9 CVSS, 7.3 AI score, 0.74016 EPSS
Exploits 20, References 5

OSV
added 2021/12/20 8:32 p.m., 14 views

MGASA-2021-0572 Updated log4j packages fix security vulnerability

Updated log4j packages fix security vulnerability: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is...

5.9 CVSS, 6.3 AI score, 0.74016 EPSS
Exploits 20, References 2

OSV
added 2021/12/20 11:43 a.m., 9 views

OPENSUSE-SU-2021:4118-1 Security update for log4j

This update for log4j fixes the following issues: - Update to 2.17.0 - CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation. bsc1193887, bsc1193888...

5.9 CVSS, 6.3 AI score, 0.74016 EPSS
Exploits 20, References 4

GithubExploit
added 2021/12/19 11:22 p.m., 263 views

Exploit for Improper Input Validation in Apache Log4J

tejas-nagchandi/CVE-2021-45105 Replicating CVE-2021-45105...

5.9 CVSS, 8.8 AI score, 0.74016 EPSS
Exploits 20

OSV
added 2021/12/19 5:39 p.m., 0 views

USN-5203-1 apache-log4j2 vulnerability

Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. Please see the following link for more information:...

5.9 CVSS, 6.7 AI score, 0.74016 EPSS
Exploits 20, References 2

UbuntuCve
added 2021/12/19 12:0 a.m., 56 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9 CVSS, 7 AI score, 0.74016 EPSS
Exploits 20, References 5

Zero Day Initiative
added 2021/12/19 12:0 a.m., 59 views

Apache Log4j StrSubstitutor Uncontrolled Recursion Denial-of-Service Vulnerability

This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Apache Log4j. Authentication is not required to exploit this vulnerability. The specific flaw exists within the StrSubstitutor class. The issue results from the lack of proper validatio...

5.3 CVSS, 2.9 AI score, 0.74016 EPSS
Exploits 20, References 1

Tenable Nessus
added 2021/12/19 12:0 a.m., 49 views

Debian DSA-5024-1 : apache-log4j2 - security update

The remote Debian 10 / 11 host has a package installed that is affected by a vulnerability as referenced in the dsa-5024 advisory. It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configurati...

5.9 CVSS, 7.4 AI score, 0.74016 EPSS
Exploits 20, References 7

OSV
added 2021/12/18 6:0 p.m., 1 views

GHSA-P6XC-XR62-6R2G Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in...

8.6 CVSS, 7 AI score, 0.74016 EPSS
Exploits 20, References 18

Github Security Blog
added 2021/12/18 6:0 p.m., 53 views

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in...

5.9 CVSS, 4.9 AI score, 0.74016 EPSS
Exploits 20, References 19, Affected Software 2

NVD
added 2021/12/18 12:15 p.m., 27 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9 CVSS, 0.74016 EPSS
Exploits 20, References 13

Cvelist
added 2021/12/18 11:55 a.m., 28 views

CVE-2021-45105 Apache Log4j2 does not always protect from infinite recursion in lookup evaluation

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

7.2 AI score, 0.74016 EPSS
Exploits 20, References 13

ATTACKERKB
added 2021/12/18 12:0 a.m., 71 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9 CVSS, 5.7 AI score, 0.74016 EPSS
In wild, Exploits 20, References 14

Veracode
added 2021/12/16 1:5 p.m., 30 views

Denial Of Service (DoS)

qemu is vulnerable to denial of service. The vulnerability exists due to a flaw that allows an attacker to trigger infinite recursion via a crafted mmindex value during an atimmread or atimmwrite call...

6 CVSS, 4.7 AI score, 0.00074 EPSS
Exploits 0, References 8, Affected Software 1

Microsoft CVE
added 2021/12/16 8:0 a.m., 4 views

A crafted NTFS image with an unallocated bitmap can lead to an endless recursive function call chain (starting from ntfs_attr_pwrite) causing stack consumption in NTFS-3G < 2021.8.22.

...

5.5 CVSS, 8.5 AI score, 0.00162 EPSS
Exploits 0

Veracode
added 2021/12/14 10:8 a.m., 26 views

Denial Of Service

wireshark:sid is vulnerable to denial of service attacks. Uncontrolled Recursion in the Bluetooth DHT dissector allows denial of service via packet injection or crafted capture file...

7.5 CVSS, 4.1 AI score, 0.00663 EPSS
Exploits 1, References 11, Affected Software 1