Apache Log4j JndiManager JNDI Injection RCE

Strike ID:
E22-co461
CVSS:
9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
False Positive:
f
Variants:
544
Year:
2021

Description

A JNDI Injection vulnerability exists in Apache Log4j versions 2.0-beta9 through 2.15.0, excluding 2.12.2. The vulnerability is due to improper handling of logged messages when the logging configuration uses a non-default Pattern Layout. An attacker who can control an item in the MapMessage or StructuredDataMessage can exploit this vulnerability by sending a crafted message to be logged by the target application. A remote, unauthenticated attacker can cause a denial of service or, in certain configurations, execute arbitrary code on the target system. This vulnerability is due to the incomplete fix for CVE-2021-44228. NOTE: This strike uses the local hostname check bypass method.

CVE

References