21 matches found
CVE-2023-26464
UNSUPPORTED WHEN ASSIGNED When using the Chainsaw or SocketAppender components with Log4j 1.x on JRE less than 1.7, an attacker that manages to cause a logging entry involving a specially-crafted (i.e., deeply nested) hashmap or hashtable (depending on which logging component is in use) to be processed...
Security Advisory for "Log4Shell"
Impact A highly critical 0-day exploit CVE-2021-44228 is found in Apache log4j 2 library on December 9, 2021. This affects Apache log4j versions from 2.0-beta9 to 2.14.1 inclusive. This vulnerability allows a remote attacker to execute code on the server if the system logs an attacker-controlled...
Security Bulletin: IBM Security Guardium is vulnerable to a denial of service vulnerability in Apache log4j2 component (CVE-2021-45105 & CVE-2021-45046)
Summary IBM Security Guardium is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. IBM Security Guardium has addressed the vulnerabilities with an upgrade. Vulnerability Details CVEID: CVE-2021-45105 DESCRIPTION: Apache Log4j is vulnerable to a denial of service,...
Ubuntu: Security Advisory (USN-5222-1)
The remote host is missing an update for the...
USN-5222-1: Apache Log4j 2 vulnerabilities
It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. (CVE-2021-44832) Hideki Okamoto and Guy...
Microsoft Sees Rampant Log4j Exploit Attempts, Testing
No surprise here: The holidays brought no Log4Shell relief. Threat actors vigorously launched exploit attempts and testing during the last weeks of December, Microsoft said on Monday, in the latest update to its landing page and guidance around the flaws in Apache’s Log4j logging library. “We have...
Apache Log4j 2.x < 2.13.2 Information Disclosure Vulnerability - Windows
Apache Log4j is prone to an information disclosure vulnerability. CPE = "cpe:/a:apache:log4j";...
Security Bulletin: IBM Security Guardium Insights is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. (CVE-2021-44228)
Summary IBM Security Guardium Insights is vulnerable to a remote code execution vulnerability in Apache Log4j 2 component. IBM Security Guardium Insights has addressed the vulnerability CVE-2021-44228 with an upgrade. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could all...
Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5203-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5203-1 advisory. Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly...
Ubuntu: Security Advisory (USN-5192-1)
The remote host is missing an update for the...
Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5197-1 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. An attacker could use...
CVE-2021-4104
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in...
Apache Log4j 2.x < 2.16.0 RCE
The version of Apache Log4j on the remote host is 2.x < 2.12.2 / 2.16.0. It is, therefore, affected by a remote code execution vulnerability. The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over...
Apache Log4j 2 - Remote Code Execution (RCE)
Exploit Title: Apache Log4j 2 - Remote Code Execution (RCE) Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...
Ubuntu 18.04 LTS / 20.04 LTS : Apache Log4j 2 vulnerability (USN-5192-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-5192-1 advisory. Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run programs via a specially crafted input. An attacker could use this...
Apache Log4j 2 - Remote Code Execution Exploit
Exploit Title: Apache Log4j 2 - Remote Code Execution (RCE) Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE: CVE-2021-44228 Github rep...
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
This blog is an abridged translation of Microsoft’s Response to CVE-2021-44228 Apache Log4j 2. For the latest information, please refer to the original article...
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Published on: 2021 Dec 11, updated 2022 Apr 6. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of the...
Microsoft’s Response to CVE-2021-44228 Apache Log4j 2
Published on: 2021 Dec 11, updated 2021 Dec 18. SUMMARY Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, Microsoft is not aware of any impact, outside of th...