Log4j 2.17.1

  |  Source: 

Log4j 2.17.1

A recent update for Log4j 2.17.1, addresses CVE-2021-44832, a remote command execution flaw assessed with a score of 6.6. The exploit requires the attacker to be able to modify the Log4j config file as CVE description, "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."

Get trending threats published weekly by the Anvilogic team.

Sign Up Now