Skip to main content

Apache Log4j Remote Code Execution Vulnerability

Last Update Date: 21 Dec 2021 Release Date: 17 Dec 2021 7707 Views

RISK: Medium Risk

TYPE: Web services - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution and sensitive information disclosure on the targeted system.

 

Note:

The vulnerability CVE-2021-45046 was found when applying fix to address CVE-2021-44228 vulnerability in certain non-default configurations.

 

 

[Updated on 2021-12-21]

Updated Impact, Source and Related Links.


Impact

  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • Apache Log4j versions from 2.0-beta9 to 2.12.1
  • Apache Log4j versions from 2.13.0 to 2.15.0

 

Note:

Non-default Pattern Layout in logging configuration is required to trigger CVE-2021-45046 vulnerability.


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 


Vulnerability Identifier


Source


Related Link