Lucene search

GoogleOSV:USN-5192-2

HistoryDec 17, 2021 - 12:46 p.m.

apache-log4j2 vulnerability

2021-12-1712:46:46

Google

osv.dev

10 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

USN-5192-1 fixed a vulnerability in Apache Log4j 2. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Chen Zhaojun discovered that Apache Log4j 2 allows remote attackers to run
programs via a special crafted input. An attacker could use this vulnerability
to cause a denial of service or possibly execute arbitrary code.

References

ubuntu.com/security/CVE-2021-44228

ubuntu.com/security/notices/USN-5192-2

githubexploit

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-10 05:23:44

Exploit for Improper Input Validation in Apache Log4J

2021-12-17 08:48:59

Exploit for Deserialization of Untrusted Data in Apache Log4J

2021-12-17 17:23:47

ibm

Security Bulletin: Vulnerability exists in Watson Explorer (CVE-2021-44228)

2021-12-16 13:28:20

Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerability(CVE-2021-44228)

2022-01-10 06:18:22

Security Bulletin: Vulnerability in SANNav Software used by IBM b-type SAN directors and switches.

2021-12-20 21:32:08

kaspersky

KLA12392 RCE vulnerability in Microsoft Azure

2021-12-16 00:00:00

KLA12395 RCE vulnerability in Microsoft SQL Server

2021-12-16 00:00:00

KLA12390 RCE vulnerability in Apache Log4j

2021-12-10 00:00:00

akamaiblog

Threat Intelligence on Log4j CVE: Key Findings and Their Implications

2021-12-17 19:30:00

CVE-2021-44228 - Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)

2021-12-10 21:00:00

nessus

Ubuntu 16.04 ESM : Apache Log4j 2 vulnerability (USN-5192-2)

2021-12-17 00:00:00

VMware Horizon Log4Shell Direct Check (CVE-2021-44228) (VMSA-2021-0028)

2022-01-07 00:00:00

Cisco SD-WAN vManage Log4j Remote Code Execution (cisco-sa-apache-log4j-qRuKNEbd)

2022-05-16 00:00:00

fedora

[SECURITY] Fedora 34 Update: log4j-2.16.0-1.fc34

2021-12-22 01:14:26

threatpost

The 5 Most-Wanted Threatpost Stories of 2021

2021-12-27 18:57:24

Wormhole Crypto Platform: 'Funds Are Safe' After $314M Heist

2022-02-03 18:28:14

Medusa Malware Joins Flubot's Android Distribution Network

2022-02-07 22:13:29

qualysblog

Log4Shell – Follow This Multi-Layered Approach for Detection and Remediation

2021-12-28 18:00:00

Qualys Study Reveals How Enterprises Responded to Log4Shell

2022-03-18 13:00:00

packetstorm

Log4Shell HTTP Header Injection

2022-01-12 00:00:00

MobileIron Log4Shell Remote Command Execution

2022-08-03 00:00:00

Intel Data Center Manager 5.1 Local Privilege Escalation

2022-12-09 00:00:00

impervablog

Analytics Are Essential for Effective Database Security

2022-01-13 15:23:02

Continuing to Stay Ahead of CVE-2021-44228: Addressing Your Top Questions

2021-12-14 22:55:49

hackerone

U.S. Dept Of Defense: ███ ████████ running a vulnerable log4j

2021-12-31 00:55:49

U.S. Dept Of Defense: ██████████ running a vulnerable log4j

2021-12-11 00:16:38

rapid7blog

[Security Nation] Mike Hanley of GitHub on the Log4j Vulnerability

2022-01-19 21:47:30

3 Reasons to Join Rapid7’s Cloud Security Summit

2022-03-09 17:06:13

What's New in InsightVM and Nexpose: Q1 2022 in Review

2022-04-19 17:52:17

amd

AMD Response to Log4j (Log4Shell) Vulnerability

2021-12-15 00:00:00

veracode

Remote Code Execution (RCE)

2021-12-10 15:09:45

cisa

Malicious Cyber Actors Continue to Exploit Log4Shell in VMware Horizon Systems

2022-06-23 00:00:00

cisa_kev

Apache Log4j2 Remote Code Execution Vulnerability

2021-12-10 00:00:00

osv

Critical vulnerability in log4j may affect generated PEAR projects

2021-12-16 21:01:51

hivepro

Iranian hackers leveraged Log4Shell to penetrate US federal agency

2022-11-17 12:28:57

msrc

CVE-2021-44228 Apache Log4j 2 に対するマイクロソフトの対応

2021-12-12 08:00:00

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

2021-12-12 05:28:18

trellix

Log4J and The Memory That Knew Too Much

2022-01-19 00:00:00

mssecure

MERCURY and DEV-1084: Destructive attack on hybrid environment

2023-04-07 16:00:00

openvas

Debian: Security Advisory (DLA-2842-1)

2021-12-13 00:00:00

openSUSE: Security Advisory for logback (openSUSE-SU-2021:1613-1)

2022-02-01 00:00:00

wallarmlab

Update on Log4Shell (CVE-2021-44228)

2021-12-10 20:22:36

5 things you must know about Log4Shell

2021-12-11 01:22:39

trendmicroblog

Patch Now: Apache Log4j Vulnerability Called Log4Shell Actively Exploited

2021-12-13 00:00:00

redhat

(RHSA-2021:5126) Critical: Red Hat Integration Camel Extensions for Quarkus GA security update

2021-12-14 16:15:45

(RHSA-2021:5093) Critical: Red Hat build of Eclipse Vert.x 4.1.5 SP1 security update

2021-12-14 15:57:34

(RHSA-2021:5130) Critical: Red Hat Integration Camel-K 1.6.2 release and security update

2021-12-14 17:51:25

talosblog

How CVSS 4.0 changes (or doesn’t) the way we see vulnerability severity

2024-02-21 13:54:48

cve

CVE-2021-44228

2021-12-10 10:15:09

K19026212 : Apache Log4j2 Remote Code Execution vulnerability CVE-2021-44228

2021-12-10 00:00:00

zdt

VMware vCenter Server Unauthenticated Log4Shell JNDI Injection Remote Code Execution Exploit

2022-01-20 00:00:00

mageia

Updated log4j packages fix security vulnerability

2021-12-11 04:02:37

metasploit

VMware vCenter Server Unauthenticated JNDI Injection RCE (via Log4Shell)

2022-01-12 20:34:45

MobileIron Core Unauthenticated JNDI Injection RCE (via Log4Shell)

2022-07-29 17:31:15

thn

Hackers Exploit Log4j Vulnerability to Infect Computers with Khonsari Ransomware

2021-12-14 11:09:00

10 High

AI Score

Confidence

High

0.975 High

EPSS

Percentile

100.0%

JSON

apache-log4j2 vulnerability

References

Related