6 matches found
GLSA-202310-16 : Ubiquiti UniFi: remote code execution via bundled log4j
The remote host is affected by the vulnerability described in GLSA-202310-16 Ubiquiti UniFi: remote code execution via bundled log4j - JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provid...
Updated log4j packages fix security vulnerability
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Exploit for Expression Language Injection in Apache Log4J
tejas-nagchandi/CVE-2021-45046 Attack !imagehttps://use...
Incomplete fix for Apache Log4j vulnerability
Impact The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup for...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
graylog -- remote code execution in log4j from user-controlled log input
Apache Software Foundation reports: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default...