Beginning December 9th, most of the internet-connected world was forced to reckon with a critical new vulnerability discovered in the Apache Log4j framework deployed in countless servers. Officially labeled CVE-2021-44228, but colloquially known as "Log4Shell", this vulnerability is both trivial to exploit and allows for full remote code execution on a target system. This has earned the vulnerability a CVSS score of 10 – the maximum.

On December 14th, the Apache Software Foundation revealed a second Log4j vulnerability (CVE-2021-45046). It was initially identified as a Denial-of-Service (DoS) vulnerability with a CVSS score of 3.7 and moderate severity. Things went from bad to worse on December 16th due to the discovery of information leaks and the remote code execution nature of the vulnerability. This prompted Apache to update the advisory and upgrade the CVSS score for this vulnerability to 9.0.

On December 18th, a third Log4j vulnerability was discovered (CVE-2021-45105, "Apache Log4j2 does not always protect against infinite recursion in lookup evaluation"). This fix was released in response to a newly discovered vulnerability that makes Log4j susceptible to a Denial-of-Service (DoS) attack.