5 matches found
Amazon's Hotpatch for Log4j Flaw Found Vulnerable to Privilege Escalation Bug
The "hotpatch" released by Amazon Web Services AWS in response to the Log4Shell vulnerabilities could be leveraged for container escape and privilege escalation, allowing an attacker to seize control of the underlying host. "Aside from containers, unprivileged processes can also exploit the patch...
CVE-2022-0070
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
CVE-2022-0070 Log4j hot patch package privilege escalation
Incomplete fix for CVE-2021-3100. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to...
Amazon Linux 2 : log4j-cve-2021-44228-hotpatch (ALAS-2022-1773)
The version of log4j-cve-2021-44228-hotpatch installed on the remote host is prior to 1.1-16. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1773 advisory. The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic...
Important: log4j-cve-2021-44228-hotpatch
Issue Overview: The Apache Log4j hotpatch package starting with log4j-cve-2021-44228-hotpatch-1.1-16 will now explicitly mimic the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to. In order to mimic the Linux capabilities of the target process, Amazon Linu...