Log4Shell (CVE-2021-45046)

Risk:
High

Type:
Active

CWE:
CWE-117

Summary: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.

Solution: Upgrade Log4j2 to version 2.17.1 or newer.

References

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://nvd.nist.gov/vuln/detail/CVE-2021-45046

Free security scan for your website

Don't show website scan report rating on the leaderboard