Apache Log4j Remote Code Execution Vulnerability

Last Update Date: 21 Dec 2021 Release Date: 17 Dec 2021 7555 Views

RISK: Medium Risk

Medium Risk

TYPE: Web services - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.

 

Note:

The vulnerability CVE-2021-45046 was found when applying fix to address CVE-2021-44228 vulnerability in certain non-default configurations.

 

 

[Updated on 2021-12-21]

Updated Impact, Source and Related Links.

Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apache Log4j versions from 2.0-beta9 to 2.12.1
  • Apache Log4j versions from 2.13.0 to 2.15.0

 

Note:

Non-default Pattern Layout in logging configuration is required to trigger CVE-2021-45046 vulnerability.

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Vulnerability Identifier

Source

Related Link

Related Tags

ApacheRemote Code ExecutionInformation Disclosure

Share with

Previous

Oracle Java SE and Apache Log4j product Remote Code Execution Vulnerability

10 Dec 2021 16760 Views

Next

VMWare Products Multiple Vulnerabilities

21 Dec 2021 4789 Views

More Articles

RISK: Medium Risk

Medium Risk

Apache Log4j Denial of Service Vulnerability

Security Bulletin

ApacheDenial of Service

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY