Lucene search
K

33 matches found

Prion
Prion
added 2021/12/18 12:15 p.m.36 views

Code injection

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

4.3CVSS7.5AI score0.99999EPSS
Exploits20References13Affected Software115
Debian CVE
Debian CVE
added 2021/12/18 11:55 a.m.43 views

CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue wa...

5.9CVSS7.2AI score0.99999EPSS
Exploits20
Positive Technologies
Positive Technologies
added 2021/12/18 12:0 a.m.12 views

PT-2021-5478

Name of the Vulnerable Software and Affected Versions Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 Description The issue allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted, due to uncontroll...

7.8CVSS7.1AI score0.99999EPSS
Exploits20References121
Tenable Nessus
Tenable Nessus
added 2021/12/17 12:0 a.m.64 views

openSUSE 15 Security Update : log4j (openSUSE-SU-2021:4094-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:4094-1 advisory. - Apache Log4j2 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0 JNDI features used in configuration, log messages, and parameters do not...

10CVSS8.1AI score0.99999EPSS
Exploits353References7
GithubExploit
GithubExploit
added 2021/12/15 4:28 p.m.457 views

Exploit for Expression Language Injection in Apache Log4J

tejas-nagchandi/CVE-2021-45046 Attack !imagehttps://use...

10CVSS10AI score0.99999EPSS
Exploits353
ThreatPost
ThreatPost
added 2021/12/15 2:4 p.m.165 views

Apache’s Fix for Log4Shell Can Lead to DoS Attacks

As if finding one easily exploited and extremely dangerous flaw in the ubiquitous Java logging library Apache Log4j hadn’t already turned the Internet security community on its ear, researchers now have found a new vulnerability in Apache’s patch issued to mitigate it. Last Thursday security...

10CVSS10AI score0.99999EPSS
Exploits354References16
Tenable Nessus
Tenable Nessus
added 2021/12/15 12:0 a.m.195 views

Ubuntu 20.04 LTS : Apache Log4j 2 vulnerability (USN-5197-1)

The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5197-1 advisory. It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non- default configurations. An attacker could use...

10CVSS7.5AI score0.99999EPSS
Exploits353References3
Prion
Prion
added 2021/12/14 7:15 p.m.81 views

Default configuration

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

5.1CVSS9.5AI score0.99999EPSS
Exploits353References21Affected Software31
OSV
OSV
added 2021/12/14 6:1 p.m.5 views

GHSA-7RJR-3Q55-VV33 Incomplete fix for Apache Log4j vulnerability

Impact The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup for...

9CVSS7.5AI score0.99999EPSS
Exploits353References28
Cvelist
Cvelist
added 2021/12/14 4:55 p.m.43 views

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

8.7AI score0.99977EPSS
Exploits40References21
UbuntuCve
UbuntuCve
added 2021/12/14 4:30 p.m.69 views

CVE-2021-45046

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default Pattern Layout with either a Context...

9CVSS7.5AI score0.99977EPSS
Exploits40References7
Tenable Nessus
Tenable Nessus
added 2021/12/14 12:0 a.m.483 views

Apache Log4j 2.x < 2.16.0 RCE

The version of Apache Log4j on the remote host is 2.x 2.12.2 / 2.16.0. It is, therefore, affected by a remote code execution vulnerability. The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers with control over...

10CVSS8.3AI score0.99999EPSS
Exploits353References3
FreeBSD
FreeBSD
added 2021/11/14 12:0 a.m.355 views

graylog -- remote code execution in log4j from user-controlled log input

Apache Software Foundation reports: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map MDC input data when the logging configuration uses a non-default...

10CVSS2.1AI score0.99999EPSS
Exploits351References3
Rows per page
Query Builder