Lucene search

China National Vulnerability DatabaseCNVD-2022-01776

HistoryDec 16, 2021 - 12:00 a.m.

Apache log4j2 denial of service vulnerability

2021-12-1600:00:00

China National Vulnerability Database

www.cnvd.org.cn

0.974 High

EPSS

Percentile

99.9%

JSON

Apache Log4j is a Java-based open source logging tool from the Apache Foundation. Apache log4j2 suffers from a denial-of-service vulnerability. When improperly configured, an attacker can exploit the vulnerability to cause a denial-of-service attack.

CPENameOperatorVersion
Apache Log4j >=2.0.1，lt2.12.2
Apache Log4j >=2.13.0，lt2.16.0

CPE	Name	Operator	Version
	Apache Log4j >=2.0.1，	lt	2.12.2
	Apache Log4j >=2.13.0，	lt	2.16.0

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2022-01-05 04:13:59

Exploit for Expression Language Injection in Apache Log4J

2021-12-18 11:43:56

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-15 09:01:37

kaspersky

KLA12391 RCE vulnerability in Apache Log4j

2021-12-14 00:00:00

osv

apache-log4j2 - security update

2021-12-16 00:00:00

Remote code injection in Log4j

2021-12-10 00:40:56

apache-log4j2 vulnerability

2021-12-15 19:02:14

nessus

Apache Log4j 2.x < 2.16.0 RCE (MacOS) (deprecated)

2021-12-17 00:00:00

Amazon Linux 2 : java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk (ALAS-2021-1731)

2021-12-18 00:00:00

Amazon Linux AMI : java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk (ALAS-2021-1553)

2021-12-18 00:00:00

freebsd

OpenSearch -- Log4Shell

2021-12-14 00:00:00

graylog -- remote code execution in log4j from user-controlled log input

2021-11-14 00:00:00

ibm

Security Bulletin: Multiple Vulnerabilities have been identified in WebSphere Application Server shipped with WebSphere Remote Server

2021-12-17 16:41:40

Security Bulletin: IBM Tivoli Federated Identity Manager is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-4104, CVE-2021-45046)

2022-01-10 18:33:41

Security Bulletin: Multiple vulnerabilities in Apache Log4j impact IBM Workload Scheduler (CVE-2021-4104, CVE-2021-45046)

2022-01-10 09:19:17

thn

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver

2022-12-09 11:25:00

Second Log4j Vulnerability (CVE-2021-45046) Discovered — New Patch Released

2021-12-15 05:26:00

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

2021-12-16 06:24:00

prion

Default configuration

2021-12-14 19:15:00

Race condition

2022-06-17 13:15:00

Authorization

2022-08-24 16:15:00

openvas

Apache Log4j 2.0.x Multiple Vulnerabilities (Web Application URL Parameter, Log4Shell) - Active Check

2022-03-30 00:00:00

Apache Log4j 2.0.x Multiple Vulnerabilities (SIP, Log4Shell) - Active Check

2021-12-13 00:00:00

Apache Archiva < 2.2.6 Multiple Log4j Vulnerabilities (Log4Shell) - Version Check

2021-12-23 00:00:00

nvd

CVE-2021-45046

2021-12-14 19:15:07

CVE-2021-4125

2022-08-24 16:15:09

redhatcve

CVE-2021-45046

2022-05-07 14:27:31

cve

CVE-2021-45046

2021-12-14 19:15:07

CVE-2021-4125

2022-08-24 16:15:09

amazon

Critical: java-17-amazon-corretto, java-11-amazon-corretto, java-1.8.0-openjdk, java-1.7.0-openjdk

2021-12-17 18:12:00

Critical: aws-kinesis-agent

2021-12-16 00:11:00

Critical: java-1.8.0-openjdk, java-1.7.0-openjdk, java-1.6.0-openjdk

2021-12-17 17:39:00

suse

Security update for log4j (important)

2021-12-20 00:00:00

Security update for log4j (important)

2021-12-17 00:00:00

veracode

Denial Of Service (DoS)

2021-12-15 00:30:50

vmware

VMware Response to Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

VMware Response to Apache Log4j Remote Code Execution Vulnerabilities (CVE-2021-44228, CVE-2021-45046)

2021-12-10 00:00:00

github

Incomplete fix for Apache Log4j vulnerability

2021-12-14 18:01:28

Remote code injection in Log4j

2021-12-10 00:40:56

ubuntucve

CVE-2021-45046

2021-12-14 00:00:00

debian

[SECURITY] [DSA 5022-1] apache-log4j2 security update

2021-12-16 10:29:17

attackerkb

CVE-2021-45046

2021-12-14 00:00:00

fortinet

Apache log4j2 log messages substitution (CVE-2021-44228)

2021-12-12 00:00:00

talosblog

Quarterly Report: Incident Response Trends in Q2 2022

2022-07-26 14:03:00

Quarterly Report: Incident Response Trends in Q3 2022

2022-10-25 12:00:00

redos

ROS-20211223-01

2021-12-23 00:00:00

gentoo

Ubiquiti UniFi: remote code execution via bundled log4j

2023-10-26 00:00:00

checkpoint_advisories

Apache Log4j Remote Code Execution (CVE-2021-44228; CVE-2021-45046)

2021-12-10 00:00:00

redhat

(RHSA-2021:5108) Critical: OpenShift Container Platform 4.8.z security update

2021-12-14 14:18:30

(RHSA-2021:5106) Critical: OpenShift Container Platform 4.6.z security update

2021-12-16 06:06:42

(RHSA-2021:5094) Moderate: OpenShift Container Platform 3.11.z security update

2021-12-14 05:40:01

nuclei

Apache Log4j2 - Remote Code Injection

2021-12-23 15:41:50

securelist

CVE-2021-44228 vulnerability in Apache Log4j library

2021-12-13 14:10:21

Answering Log4Shell-related questions

2021-12-20 15:45:30

kitploit

log4j-scan - A fully automated, accurate, and extensive scanner for finding vulnerable log4j hosts

2021-12-20 11:30:00

Log4J-Detector - Detects Log4J versions on your file-system within any application that are vulnerable to CVE-2021-44228 and CVE-2021-45046

2021-12-20 04:38:00

impervablog

Log4Shell log4j Remote Code Execution – The COVID of the Internet

2022-01-06 16:41:56

mmpc

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

huawei

Security Advisory - Apache log4j2 remote code execution vulnerabilities in some Huawei products

2021-12-15 00:00:00

cisa_kev

Apache Log4j2 Deserialization of Untrusted Data Vulnerability

2023-05-01 00:00:00

mageia

Updated log4j packages fix security vulnerability

2021-12-19 15:26:08

malwarebytes

[Update: CISA issues Log4j vulnerabilities scanner] Log4j zero-day “Log4Shell” arrives just in time to ruin your weekend

2021-12-10 18:03:28

Oracle WebLogic Server vulnerability added to CISA list as “known to be exploited”

2023-05-03 14:30:00

rapid7blog

How to Protect Your Applications Against Log4Shell With tCell

2021-12-15 14:58:14

K32171392 : Apache Log4j2 vulnerability CVE-2021-45046

2021-12-16 00:00:00

cvelist

CVE-2021-45046 Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack

2021-12-14 16:55:09

mssecure

MERCURY leveraging Log4j 2 vulnerabilities in unpatched systems to target Israeli organizations

2022-08-25 16:00:00

threatpost

APT ‘Aquatic Panda’ Targets Universities with Log4Shell Exploit Tools

2021-12-30 16:16:23

intel

Intel® Product Advisory for Apache Log4j2 Vulnerabilities (CVE-2021-44228 & CVE-2021-45046)

2022-01-12 00:00:00

debiancve

CVE-2021-45046

2021-12-14 19:15:07

ubuntu

Apache Log4j 2 vulnerability

2021-12-15 00:00:00

typo3

Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

2021-12-16 00:00:00

symantec

Symantec Security Advisory for Log4j Vulnerability

2021-12-11 01:06:47

qualysblog

How to Discover Log4Shell Vulnerabilities in Running Containers & Images

2021-12-27 19:39:34

nvidia

Security Notice: NVIDIA Response to Log4j Vulnerabilities - December 2021

2021-12-13 00:00:00

0.974 High

EPSS

Percentile

99.9%

JSON

Apache log4j2 denial of service vulnerability

Related