Serene Description
Apache Log4j2 versions 2.0-beta7 by design of 2.17.0 (besides for security repair releases 2.3.2 and a pair of.12.4) are at likelihood of a a lot away code execution (RCE) attack where an attacker with permission to switch the logging configuration file can originate a malicious configuration utilizing a JDBC Appender with an info source referencing a JNDI URI which is prepared to invent a ways away code. This anxiousness is mounted by limiting JNDI info source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and a pair of.3.2.
Featured Content Ads
add advertising hereSeverity
CVSS 3.x Severity and Metrics:
Vector:
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
References to Advisories, Solutions, and Instruments
By deciding on these links, you might perchance perchance perchance be leaving NIST webspace.
We possess provided these links to other web web sites because they
also can possess info that is more likely to be of hobby to you. No
inferences needs to be drawn on fable of alternative web sites being
referenced, or now not, from this page. There also can very properly be other web
web sites that are more acceptable for your reason. NIST does
now not necessarily endorse the views expressed, or concur with
the info presented on these web sites. Extra, NIST does now not
endorse any industrial merchandise that also can very properly be talked about on
these web sites. Please tackle feedback about this page to nvd@nist.gov.
Change Historical previous
3 alternate info found disclose changes
Join the pack! Join 8000+ others registered customers, and bag chat, originate groups, post updates and originate chums world wide!
www.knowasiak.com/register