120 matches found
Log4Shell HTTP Scanner
Versions of Apache Log4j2 impacted by CVE-2021-44228 which allow JNDI features used in configuration, log messages, and parameters, do not protect against attacker controlled LDAP and other JNDI related endpoints. This module will scan an HTTP end point for the Log4Shell vulnerability by injectin...
[SECURITY] [DSA 5022-1] apache-log4j2 security update
------------------------------------------------------------------------- Debian Security Advisory DSA-5022-1 [email protected] https://www.debian.org/security/ Markus Koschany December 16, 2021 https://www.debian.org/security/faq -...
DSA-5022-1 apache-log4j2 - security update
Bulletin has no description...
Amazon Linux 2 : aws-kinesis-agent (ALAS-2021-1730)
The version of aws-kinesis-agent installed on the remote host is prior to 2.0.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1730 advisory. Amazon Kinesis Agent versions within Amazon Linux 2 AL2 prior to aws-kinesis-agent-2.0.4-1 included a version of...
Debian DSA-5022-1 : apache-log4j2 - security update
The remote Debian 10 / 11 host has a package installed that is affected by multiple vulnerabilities as referenced in the dsa-5022 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This...
Ubuntu: Security Advisory (USN-5197-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products
Some Huawei products are affected by the Apache Log4j2 remote code execution vulnerabilities. The vulnerabilities are caused by a recursive parsing error in some functions of Apache Log4j2. An attacker can construct a malicious request to control log parameters to trigger a remote code execution...
CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
PT-2021-5369
Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.15.0 Apache Log4j2 versions prior to 2.16.0 Java 8 Apache Log4j2 versions prior to 2.12.2 Java 7 Description The issue is related to the deserialization of untrusted data in the Apache Log4j2 library, which can be...
Apache Log4j2 2.14.1 - Information Disclosure Exploit
Exploit Title: Apache Log4j2 2.14.1 - Information Disclosure Date: 12/12/2021 Exploit Author: leonjza Vendor Homepage: https://logging.apache.org/log4j/2.x/ Version: None: printf' i| new connection from self.clientaddress0' sock = self.request sock.recv1024 sock.sendallLDAPHEADER data =...
Apache Log4j2 2.14.1 Remote Code Execution
Exploit Title: Apache Log4j 2 - Remote Code Execution RCE Date: 11/12/2021 Exploit Authors: kozmer, z9fr, svmorris Vendor Homepage: https://logging.apache.org/log4j/2.x/ Software Link: https://github.com/apache/logging-log4j2 Version: versions 2.0-beta-9 and 2.14.1. Tested on: Linux CVE:...
Debian: Security Advisory (DLA-2842-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Elastic Logstash Multiple Log4j Vulnerabilities (ESA-2021-31, Log4Shell)
Elastic Logstash is prone to multiple vulnerabilities in the Apache Log4j library. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Debian DLA-2842-1 : apache-log4j2 - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2842 advisory. - Apache Log4j2 2.10 this behavior can be mitigated by setting system property log4j2.formatMsgNoLookups to true or it can be mitigated in prior releases 2.10 by removing t...
The vulnerability of the JNDI component of the Apache Log4j2 logging library allows a perpetrator to execute arbitrary code.
The vulnerability of the JNDI component of the Apache Log4j2 logging library is related to insufficient validation of input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
CVE-2021-44228 Log4Shell Proof of Concept A...
[SECURITY] [DLA 2842-1] apache-log4j2 security update
Debian LTS Advisory DLA-2842-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany December 12, 2021 https://wiki.debian.org/LTS Package : apache-log4j2 Version : 2.7-2+deb9u1 CVE ID : CVE-2021-44228 Debian Bug : 1001478 Chen Zhaojun of Alibaba Cloud Security Team...
Security Advisory 0070
Security Advisory 0070 PDF Date: May 20th, 2022 Revision | Date | Changes ---|---|--- 1.6 | May 20th, 2022 | Update CVEs affected release info 1.5 | January 4th, 2022 | Add information about CVE-2021-44832 1.4 | December 21st, 2021 | Add information about CVE-2021-45105 1.3 | December 17th, 2021 ...
DLA-2842-1 apache-log4j2 - security update
Bulletin has no description...
Debian: Security Advisory (DSA-5020-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...