JavaのLog4jライブラリで「Log4Shell」に加えて新たな脆弱性「CVE-2021-45046」が発覚、アップデートで対応可能

2021/12/16 12 users Java Log4Shell 発覚 Log4jライブラリ 通称

Javaのログ出力ライブラリであるLog4jで、任意のコードをリモート実行される深刻な脆弱(ぜいじゃく)性・CVE-2021-44228、通称「Log4Shell」が発見されました。Log4jを提供するApacheソフトウェア財団(ASF)は、さらに新たな脆弱性・CVE-2021-45046が発覚したと報告しており、Log4jをバージョン2.16.0以降にアップデートす... 続きを読む

Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaSec

2021/12/15 5 users LunaSec CVE-2021-44228

We found that the DOS outlined in the CVE was not actually impactful because it did not consume resources during our testing (see below). We could still be wrong through, so we continue to recommend that you upgrade to 2.16.0 in the event that a better exploit is found to abuse this attack vector... 続きを読む

CVE - CVE-2021-45046

2021/12/14 22 users CVE

• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context M... 続きを読む