BDU:2021-06325

BDU

HighConfirmedExploit available

Уязвимость библиотеки журналирования Java-программ Log4j существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости мо…

CVSS

7.5

High

EPSS

0.00

Published

2021-01-01

Updated

2021-01-01

Description

Уязвимость библиотеки журналирования Java-программ Log4j существует из-за недостаточной проверки входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании с помощью специально сформированного рекурсивного запроса

Tags · CWE

Pre-auth

Affected products

Apache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4jApache software foundation Log4j

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Timeline

2021-01-01

Published

2021-01-01

Updated

CVSS 3.1 breakdown

Attack Vector

AV: N

Network (N)

Attack Complexity

AC: L

Low (L)

Privileges Required

PR: N

None (N)

User Interaction

UI: N

None (N)

Scope

S: U

Unchanged (U)

Confidentiality Impact

C: N

None (N)

Integrity Impact

I: N

None (N)

Availability Impact

A: H

High (H)

Exploit indicators

EPSS

0.000 · p0

Known exploited (KEV)

Known exploits — Сканер-ВС

CVE-2021-45105

github-poc · https://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1

Enterprise

Affected products

Red Hat

Openshift Container Platform Jboss Enterprise Application Platform Jboss Fuse Red Hat Single Sign-on Openshift Application Runtimes Red Hat Process Automation Red Hat Descision Manager Red Hat Integration Camel K Red Hat Integration Camel Quarkus Data Grid+3

Apache

Log4j

Netapp

Snap Creator Framework Cloud Manager Ontap Tools For Vmware Vsphere

Product	Vendor	Status
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked
log4j	apache software foundation	Tracked

Showing first 20 of 140

Source databases

BDU

Related vulnerabilities

CVE-2021-45105

External references

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45105@https://access.redhat.com/security/cve/CVE-2021-45105@https://logging.apache.org/log4j/2.x/security.html@https://redos.red-soft.ru/support/secure/@https://security.netapp.com/advisory/ntap-20211218-0001/@https://strelets.net/patchi-i-obnovleniya-bezopasnosti#26012022@https://www.debian.org/security/2021/dsa-5024@https://www.opennet.ru/opennews/art.shtml?num=56370@https://www.zerodayinitiative.com/advisories/ZDI-21-1541/@https://goslinux.fssp.gov.ru/2726972/@https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.4.2/@https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023@https://attack.mitre.org/campaigns/C0018