Rule General Information |
---|
Release Date: | 2021-12-20 | |
Rule Name: | Apache Log4j2 Denial Of Service Vulnerability (CVE-2021-45105) | |
Severity: | ||
CVE ID: | ||
Rule Protection Details |
---|
Description: | Apache Log4j2 is a Java logging framework and the upgraded version of Apache Log4j. It can control the output format of each log. The vulnerability arises when Apache Log4j2 is configured with a non-default Pattern Layout that uses a Context Lookup. An attacker can exploit it without authorization by constructing malicious data to carry out a denial-of-service attack, eventually causing the server to refuse service and blocking normal traffic. | |
Impact: | An attacker who successfully exploits the vulnerability can launch a denial-of-service attack. | |
Affected OS: | Windows, Linux, Others | |
Reference: | https://lists.fedoraproject.org/archives/list/package-announce ; https://www.oracle.com/security-alerts/cpujan2022.html ; https://lists.debian.org/debian-lts-announce/2021/12/msg00017.html ; ZeroDayInitiative: ZDI-21-1541 |
|
Solutions |
---|
The vendor has released upgrade patches that fix the vulnerability. Please visit: https://github.com/apache/logging-log4j2/tags |