Rewterz Threat Advisory – CVE-2021-45046 – Apache Log4j Vulnerability

Severity

Medium

Analysis Summary

CVE-2021-45046

Apache Log4j is vulnerable to a denial of service caused by an incomplete fix for CVE-2021-44228 in certain non-default configurations. A remote attacker with control over Thread Context Map (MDC) input data or a Thread Context Map pattern could exploit this vulnerability by crafting malicious input data that uses a JNDI Lookup pattern, causing a denial of service.

Impact

  • Denial of Service

Affected Vendors

Apache

Affected Products

  • Apache Log4j 2.8.1
  • Apache Log4j 2.13.1
  • Apache Log4j 2.14.0
  • Apache Log4j 2.14.1
  • Apache Log4j 2.15.0
  • Apache Log4j 2.0-beta9
  • Apache Log4j 2.12.1
  • Apache Log4j 2.13.0
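
The following triage check is an added example, not code from Rewterz or Apache. It flags log4j-core jars whose version appears in the list above and finds layout patterns that pull Thread Context Map data into log output, which are the non-default configurations described in the Analysis Summary. The token forms (`${ctx:...}`, `%X`, `%mdc`, `%MDC`) come from Log4j's layout syntax rather than from this advisory; the function names, jar paths and sample configuration are constructed for illustration.

```python
import re

# Versions copied from the "Affected Products" list in this advisory.
AFFECTED = {"2.0-beta9", "2.8.1", "2.12.1", "2.13.0", "2.13.1",
            "2.14.0", "2.14.1", "2.15.0"}

# Assumption: jars keep the standard Maven name log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+\.\d+(?:\.\d+)?(?:-[A-Za-z0-9]+)?)\.jar$")
# Context Lookup, written ${ctx:key} or $${ctx:key} in a layout pattern.
CTX_LOOKUP_RE = re.compile(r"\$\{ctx:[^}]*\}")
# Thread Context Map converters %X, %mdc, %MDC, with optional width and {key}.
MDC_PATTERN_RE = re.compile(r"%(?:-?\d+)?(?:\.\d+)?(?:X|mdc|MDC)\b(?:\{[^}]*\})?")

# Constructed sample configuration, not taken from any real deployment.
SAMPLE_CONFIG = """\
<Configuration>
  <Appenders>
    <Console name="safe">
      <PatternLayout pattern="%d %-5p %c - %m%n"/>
    </Console>
    <Console name="lookup">
      <PatternLayout pattern="%d $${ctx:loginId} %m%n"/>
    </Console>
    <Console name="mdc">
      <PatternLayout pattern="%d %X{requestId} %m%n"/>
    </Console>
  </Appenders>
</Configuration>
"""

def affected_jar(path):
    """Return the version if path names a listed log4j-core jar, else None."""
    m = JAR_RE.search(path)
    return m.group(1) if m and m.group(1) in AFFECTED else None

def risky_patterns(config_text):
    """Return (line_no, token) for each layout token that reads MDC data."""
    hits = []
    for no, line in enumerate(config_text.splitlines(), 1):
        for rx in (CTX_LOOKUP_RE, MDC_PATTERN_RE):
            hits += [(no, m.group(0)) for m in rx.finditer(line)]
    return hits

if __name__ == "__main__":
    for jar in ("lib/log4j-core-2.15.0.jar", "lib/log4j-core-2.0-beta9.jar"):
        print(jar, "->", affected_jar(jar))
    for no, token in risky_patterns(SAMPLE_CONFIG):
        print(f"config line {no}: {token}")
```

Filename matching misses shaded or repackaged copies of log4j-core, so a clean result here does not replace inspecting the contents of application archives.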

Remediation

Upgrade to the latest version of Log4j, available from the Apache Web site.

https://logging.apache.org/log4j/2.x/security.html