Lucene search
ApacheCVELIST:CVE-2021-45105HistoryDec 18, 2021 - 11:55 a.m.
CVE-2021-45105 Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
2021-12-1811:55:08
CWE-674
CWE-20
apache
www.cve.org
1
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
CNA Affected
[
{
"product": "Apache Log4j2",
"vendor": "Apache Software Foundation",
"versions": [
{
"changes": [
{
"at": "2.13.0",
"status": "affected"
},
{
"at": "2.12.3",
"status": "unaffected"
},
{
"at": "2.4",
"status": "affected"
},
{
"at": "2.3.1",
"status": "unaffected"
},
{
"at": "2.0-alpha1",
"status": "affected"
}
],
"lessThan": "2.17.0",
"status": "affected",
"version": "log4j-core",
"versionType": "custom"
}
]
}
]References
www.openwall.com/lists/oss-security/2021/12/19/1
cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
logging.apache.org/log4j/2.x/security.html
psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
security.netapp.com/advisory/ntap-20211218-0001/
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
www.debian.org/security/2021/dsa-5024
www.kb.cert.org/vuls/id/930724
www.oracle.com/security-alerts/cpuapr2022.html
www.oracle.com/security-alerts/cpujan2022.html
www.oracle.com/security-alerts/cpujul2022.html
www.zerodayinitiative.com/advisories/ZDI-21-1541/
Related
checkpoint_advisories
checkpoint_advisories
Apache Log4j Denial Of Service (CVE-2021-45105)
2021-12-21 00:00:00
nessus
nessus
Oracle WebCenter Portal DoS (Jan 2022 CPU)
2022-01-19 00:00:00
RHEL 7 : Red Hat Single Sign-On 7.5.2 security update on RHEL 7 (Low) (RHSA-2022:1462)
2022-04-21 00:00:00
FreeBSD : OpenSearch -- Log4Shell (d1be3d73-6737-11ec-9eea-589cfc007716)
2021-12-27 00:00:00
cve
cve
CVE-2021-45105
2021-12-18 12:15:07
mageia
mageia
Updated log4j packages fix security vulnerability
2021-12-20 23:32:32
ibm
ibm
prion
prion
Code injection
2021-12-18 12:15:00
attackerkb
attackerkb
CVE-2021-45105
2021-12-18 00:00:00
githubexploit
githubexploit
Exploit for Improper Input Validation in Apache Log4J
2021-12-18 14:24:46
Exploit for Improper Input Validation in Apache Log4J
2021-12-18 12:54:44
Exploit for CVE-2021-45105
2021-12-20 21:27:55
debian
debian
[SECURITY] [DSA 5024-1] apache-log4j2 security update
2021-12-18 20:39:14
[SECURITY] [DLA 2852-1] apache-log4j2 security update
2021-12-26 21:44:27
ubuntucve
ubuntucve
CVE-2021-45105
2021-12-19 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2021-0572)
2022-01-28 00:00:00
openSUSE: Security Advisory for log4j (openSUSE-SU-2021:1605-1)
2022-02-01 00:00:00
nvd
nvd
CVE-2021-45105
2021-12-18 12:15:07
cnvd
cnvd
Apache Log4j2 Denial of Service Vulnerability (CNVD-2021-101661)
2021-12-20 00:00:00
zdi
zdi
github
github
veracode
veracode
Denial Of Service (DoS)
2021-12-18 18:53:46
rapid7blog
rapid7blog
Update on Log4Shell’s Impact on Rapid7 Solutions and Systems
2021-12-14 00:55:13
redhat
redhat
(RHSA-2022:1463) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8
2022-04-20 13:28:43
(RHSA-2022:1469) Low: Red Hat Single Sign-On 7.5.2 security update
2022-04-20 14:33:33
(RHSA-2022:1462) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7
2022-04-20 13:28:41
osv
osv
apache-log4j2 vulnerability
2021-12-19 17:39:38
CVE-2021-45105
2021-12-18 12:15:07
apache-log4j2 - security update
2021-12-18 00:00:00
ubuntu
ubuntu
Apache Log4j 2 vulnerability
2021-12-19 00:00:00
Apache Log4j 2 vulnerabilities
2022-01-11 00:00:00
debiancve
debiancve
CVE-2021-45105
2021-12-18 12:15:07
amazon
amazon
Medium: aws-kinesis-agent
2021-12-21 02:01:00
suse
suse
Security update for log4j (important)
2021-12-22 00:00:00
Security update for log4j (important)
2021-12-20 00:00:00
f5
f5
K34162192 : Apache log4j2 denial-of-service vulnerability CVE-2021-45105
2021-12-21 00:00:00
freebsd
freebsd
OpenSearch -- Log4Shell
2021-12-16 00:00:00
akamaiblog
akamaiblog
Akamai Reports Another DoS in Log4j2 (CVE-2021-45105): What You Need to Know
2021-12-20 18:30:57
kaspersky
kaspersky
KLA12394 DoS vulnerability in Apache Log4j
2021-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: log4j-2.17.0-1.fc34
2021-12-27 00:56:30
[SECURITY] Fedora 35 Update: log4j-2.17.0-1.fc35
2021-12-27 00:41:40
redos
redos
ROS-20211223-01
2021-12-23 00:00:00
cloudfoundry
cloudfoundry
impervablog
impervablog
Why Attackers Target the Gaming Industry
2023-05-30 11:47:27
redhatcve
redhatcve
CVE-2021-45105
2022-04-30 13:07:43
avleonov
avleonov
Log4j “Log4Shell” RCE explained (CVE-2021-44228)
2021-12-26 22:07:17
trellix
trellix
Log4shell Vulnerability is the Coal in Our Stocking for 2021
2022-01-19 00:00:00
Log4shell Vulnerability is the Coal in Our Stocking for 2021
2022-01-19 00:00:00
securelist
securelist
Answering Log4Shell-related questions
2021-12-20 15:45:30
qualysblog
qualysblog
How to Discover Log4Shell Vulnerabilities in Running Containers & Images
2021-12-27 19:39:34
ics
ics
Mitigating Log4Shell and Other Log4j-Related Vulnerabilities
2021-12-23 12:00:00