CVE-2021-45105

December 27, 2021

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

Summary:

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

Reference Links(if available):

  • https://logging.apache.org/log4j/2.x/security.html
  • https://security.netapp.com/advisory/ntap-20211218-0001/
  • http://www.openwall.com/lists/oss-security/2021/12/19/1
  • https://www.debian.org/security/2021/dsa-5024
  • https://www.zerodayinitiative.com/advisories/ZDI-21-1541/

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

    v3: / HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)

  • Tags: , , , ,

    You may have missed

    image

    CACTUS Ransomware Victim: https://www[.]xdconnects[.]com/

    April 19, 2024
    iStock 154974489

    Cyber Assessment Framework 3.2

    April 19, 2024
    hkcert

    Palo Alto Products Remote Code Execution Vulnerability

    April 19, 2024
    HIBP Banner 1

    Le Slip Français – 1,495,127 breached accounts

    April 19, 2024
    CISA Logo

    CISA: Juniper Releases Security Bulletin for Multiple Juniper Products

    April 19, 2024