Apache Log4j Remote Code Execution Vulnerability

Release Date: 29 Dec 2021 5503 Views

RISK: Medium Risk

Medium Risk

TYPE: Web services - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

Only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.

Impact

  • Remote Code Execution

System / Technologies affected

  • Apache Log4j versions from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

  • Java 8 (or later) users should upgrade to release 2.17.1
  • Java 7 users should upgrade to release 2.12.4
  • Java 6 users should upgrade to release 2.3.2

Vulnerability Identifier

Source

Related Link

Related Tags

ApacheRemote Code Execution

Share with

Previous

Netgear Products Multiple Vulnerabilities

22 Dec 2021 5259 Views

Next

NetApp Products Multiple Vulnerabilities

31 Dec 2021 4184 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY