Home News In addition to “Log4Shell” in the Java Log4j library, a new vulnerability “CVE-2021-45046” was discovered and can be fixed by updating –GIGAZINE

In addition to “Log4Shell” in the Java Log4j library, a new vulnerability “CVE-2021-45046” was discovered and can be fixed by updating –GIGAZINE

0
In addition to “Log4Shell” in the Java Log4j library, a new vulnerability “CVE-2021-45046” was discovered and can be fixed by updating –GIGAZINE



A critical vulnerability, CVE-2021-44228, commonly known as “Log4Shell”, has been discovered in Log4j, a Java log output library, which allows arbitrary code to be executed remotely. Apache Software Foundation (ASF), which provides Log4j, has a new vulnerability.CVE – 2021‑45046An update from Log4j to version 2.16.0 or later has been discovered and requested.

CVE – CVE-2021-45046
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046

CVE-2021-45046: Red Hat Customer Portal
https://access.redhat.com/security/cve/cve-2021-45046

Log4Shell Update: Second log4j vulnerability released (CVE-2021-44228 + CVE-2021-45046) | LunaSec
https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/

Protection against CVE-2021-45046, the additional vulnerability Log4j RCE
https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/

The following articles summarize the vulnerabilities in Log4Shell that have been confirmed in Log4j version 2.0 beta 9 to version 2.14.1.

Why does the “Log4Shell (CVE-2021-44228)” vulnerability found in the Java Log4j library have a major impact on the world? – GIGAZINE


On December 10, 2021, ASF released version 2.15.0 with Log4Shell protection. However, it turns out that the Log4Shell countermeasures are insufficient in certain configurations other than the default. According to Apache, when using a non-default PatternLayout, use Context Lookup ($ {ctx: loginId}, etc.) or Thread Context Map (% X,% mdc,% MDC) to handle the input data of the thread context. An attacker who can create bad input data with a JNDI reference pattern andDOS attackThere was a possibility that it could cause.

So far, as a workaround for the Log4Shell exploit, a method has been introduced to set “log4j2.noFormatMsgLookup” to True, but CVE-2021-45046 could avoid this invalid configuration and attack.


Therefore, ASF released version 2.16.0 (Java 8 or later) on December 14, 2021. Version 2.16.0 addresses the newly discovered vulnerability CVE-2021-45046. In version 2.16.0, the JNDI function itself is disabled by default and the message search function has been removed …


ASF has also released Log4j version 2.12.2 for the Java 7 runtime. Previously, version 2.12.1 was the final version of Log4j for Java 7, but version 2.12.2 of the Java 7 runtime was released to support Log4Shell and CVE-2021-45046. ASF requests Log4j updates as soon as possible.

Copy the title and URL of this article.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

xvideo clip fuckmomtube.net reshma nude scenes
x videos aunty indianpornfeed.com indian bra xnxx
زب شاب pornwap.tv افلام مصريه سكس
soul eater hentai maka xhentaisex.com hahaoya shikkaku
tall hot girls pornovuku.com hdmovie99
xnxxx hd video interracialporntrends.com tabooporns.com
افلام سكس شميل 3gpkings.pro معاشرة زوجية حقيقية
xvideos indian mallu hindisextube.org dehati bf film
erotic indian girls monaporn.mobi masalaxx
abot kamay na pangarap may 26 2023 full episode youtube pinoyteleseryeonline.com niyogyugan festival date
خيانة زوجية سكس arabwifeporn.com افلام جنس لبنانى
kannada sex poto porn-tube-home.net blue film movie
www.filmitube.com hindifucking.com spy cam porn
joem bascon teleseryeone.com kabuhayang swak na swak
chandigarh shemales popcornporn.net palletoori sex