33 matches found
Code injection
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
CVE-2021-45105
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...
PT-2021-5478
Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 Description The issue allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted, due to uncontroll...
openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4094-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4094-1 advisory. - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not...
Exploit for Expression Language Injection in Apache Log4J
tejas-nagchandi/CVE-2021-45046 Attack !imagehttps://use...
Apache’s Fix for Log4Shell Can Lead to DoS Attacks
As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it. Last Thursday security...
Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5197-1 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. An attacker could use...
Default configuration
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
GHSA-7RJR-3Q55-VV33 Incomplete fix for Apache Log4j vulnerability
Impact The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup for...
CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
CVE-2021-45046
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...
Apache Log4j 2.x < 2.16.0 RCE
The version of Apache Log4j on the remote host is 2.x 2.12.2 / 2.16.0. It is, therefore, affected by a remote code execution vulnerability. The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over...
graylog -- remote code execution in log4j from user-controlled log input
Apache Software Foundation reports: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default...