Severity
High
Analysis Summary
CVE-2021-45105
Apache Log4j is vulnerable to a denial of service because it does not protect against uncontrolled recursion from self-referential lookups. A remote attacker who controls Thread Context Map (MDC) input data could craft input containing a recursive lookup, causing a StackOverflowError that terminates the process.
Impact
- Denial of Service
Affected Vendors
Apache
Affected Products
- Apache Log4j 2.8.1
- Apache Log4j 2.13.1
- Apache Log4j 2.14.0
- Apache Log4j 2.14.1
- Apache Log4j 2.15.0
- Apache Log4j 2.0-beta9
- Apache Log4j 2.12.1
- Apache Log4j 2.13.0
- Apache Log4j 2.16.0
Remediation
Upgrade to the latest version of Apache Log4j, available from the Apache Web site.
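To find which deployments need the upgrade, the following added example (not part of the original advisory and not Apache or Rewterz code) walks a directory tree, opens JAR/WAR/EAR files including nested ones, and reports every bundled log4j-core version against the Affected Products list above. It assumes the archives still carry Maven's `pom.properties` metadata; a version reported as "not listed" is simply absent from this advisory's list.

```python
import io
import re
import zipfile
from pathlib import Path

# Versions listed under "Affected Products" in this advisory (CVE-2021-45105).
AFFECTED = {"2.0-beta9", "2.8.1", "2.12.1", "2.13.0", "2.13.1",
            "2.14.0", "2.14.1", "2.15.0", "2.16.0"}
# Assumption: the JAR keeps the Maven metadata that log4j-core ships with.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NESTED = (".jar", ".war", ".ear")


def core_versions(data, label, depth=0):
    """Yield (location, version) for each log4j-core found in an archive's bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not an archive, or corrupt: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", props, re.M)
                if m:
                    yield label, m.group(1)
            elif name.lower().endswith(NESTED) and depth < 4:
                # Fat JARs and WARs bundle their dependencies as inner archives.
                yield from core_versions(zf.read(name), f"{label}!{name}", depth + 1)


def scan(root):
    """Return sorted (location, version, listed_as_affected) tuples under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in NESTED:
            for where, ver in core_versions(path.read_bytes(), str(path)):
                hits.append((where, ver, ver in AFFECTED))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for where, ver, listed in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'AFFECTED' if listed else 'not listed'}\tlog4j-core {ver}\t{where}")
```

Run it with the application or server directory as the only argument; each output line gives the status, the version found, and the archive path, with `!` separating nested archives.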