Rewterz Threat Advisory – CVE-2021-45105 – Apache Log4j Vulnerability

Severity

High

Analysis Summary

CVE-2021-45105

Apache Log4j is vulnerable to denial of service because it does not protect against uncontrolled recursion from self-referential lookups. A remote attacker who controls Thread Context Map (MDC) input data can craft input containing a recursive lookup, causing a StackOverflowError that terminates the process.

Impact

  • Denial of Service

Affected Vendors

Apache

Affected Products

  • Apache Log4j 2.8.1
  • Apache Log4j 2.13.1
  • Apache Log4j 2.14.0
  • Apache Log4j 2.14.1
  • Apache Log4j 2.15.0
  • Apache Log4j 2.0-beta9
  • Apache Log4j 2.12.1
  • Apache Log4j 2.13.0
  • Apache Log4j 2.16.0

Remediation

Upgrade to the latest version of Apache Log4j, available from the Apache Web site.

https://logging.apache.org/log4j/2.x/security.html
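
The following audit script is an added example, not part of the Rewterz advisory. Apache's security page for this CVE states that the recursion is reachable when a PatternLayout uses a Context Lookup such as `${ctx:loginId}`, and recommends replacing such lookups with Thread Context Map patterns (`%X`). The script lists those lookups in a log4j2 XML configuration; the sample configuration and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# ${ctx:key} and the escaped $${ctx:key} are both Context Map lookups.
CTX_LOOKUP = re.compile(r"\$\$?\{ctx:([^}:]+)[^}]*\}")

# Constructed sample log4j2.xml (not from the advisory).
SAMPLE_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <Console name="Console">
      <PatternLayout pattern="%d %p [$${ctx:loginId}] %c - %m%n"/>
    </Console>
    <File name="Audit" fileName="audit.log">
      <PatternLayout>
        <Pattern>%d %p [%X{loginId}] %m%n</Pattern>
      </PatternLayout>
    </File>
  </Appenders>
</Configuration>"""


def local(tag):
    """Element name without XML namespace, lower-cased."""
    return tag.rsplit("}", 1)[-1].lower()


def find_ctx_lookups(config_xml):
    """Return (appender, lookup, suggested_pattern) for each ctx lookup found."""
    root = ET.fromstring(config_xml)
    parent = {child: p for p in root.iter() for child in p}
    findings = []
    for el in root.iter():
        if local(el.tag) != "patternlayout":
            continue
        patterns = [el.get("pattern") or ""]
        patterns += [c.text or "" for c in el if local(c.tag) == "pattern"]
        owner = el  # climb to the enclosing named element (the appender)
        while owner is not None and owner.get("name") is None:
            owner = parent.get(owner)
        appender = owner.get("name") if owner is not None else "?"
        for pattern in patterns:
            for m in CTX_LOOKUP.finditer(pattern):
                findings.append((appender, m.group(0), "%X{" + m.group(1) + "}"))
    return findings


if __name__ == "__main__":
    for appender, lookup, fix in find_ctx_lookups(SAMPLE_CONFIG):
        print(f"{appender}: replace {lookup} with {fix}")
```

A finding identifies a layout to change as an interim measure; it does not replace the upgrade.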