CVE-2021-45105

Description from NVD

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Information Acquisition Date: 2022-05-01T12:06Z
CVSS 2.0: 4.3 MEDIUM
CVSS 3.x: 5.9 MEDIUM

CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

NVD References

 https://logging.apache.org/log4j/2.x/security.html
     source:MISC
     tags:Release Notes    Vendor Advisory    
 https://security.netapp.com/advisory/ntap-20211218-0001/
     source:CONFIRM
     tags:Third Party Advisory    
 [oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
     source:MLIST
     tags:Mailing List    Mitigation    Third Party Advisory    
 DSA-5024
     source:DEBIAN
     tags:Third Party Advisory    
 https://www.zerodayinitiative.com/advisories/ZDI-21-1541/
     source:MISC
     tags:Third Party Advisory    VDB Entry    
 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021
     source:CISCO
     tags:Third Party Advisory    
 https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
     source:CONFIRM
     tags:Third Party Advisory    
 VU#930724
     source:CERT-VN
     tags:Third Party Advisory    US Government Resource    
 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
     source:CONFIRM
     tags:Third Party Advisory    
 https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf
     source:CONFIRM
     tags:Third Party Advisory    
 https://www.oracle.com/security-alerts/cpujan2022.html
     source:MISC
     tags:Patch    Third Party Advisory    
 https://www.oracle.com/security-alerts/cpuapr2022.html
     source:MISC
     tags:

This vulnerability may involve a PoC.


List of frequently cited URLs

URL  Num of Times Referred to
https://www.oracle.com/security-alerts/cpujan2022.html  54
https://cvetrends.com  51
https://www.reddit.com/r/programming/comments/rj48ol/log4j_...  38
http://cyberiqs.com/latestnews  17
https://lists.astaro.com/ASGV9-IPS-rules.html#0  16
https://www.jpcert.or.jp/at/2021/at210050.html  16
https://thehackernews.com/2021/12/apache-issues-3rd-patch-t...  14
https://www.zerodayinitiative.com/blog/2021/12/17/cve-2021-...  9
https://bit.ly/3p7Sar5  7
https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/  6
https://www.thezdi.com/blog/2021/12/17/cve-2021-45105-denia...  5
https://tweetedtimes.com/v/21183?s=tnp  5
https://www.cyberkendra.com/2021/12/3rd-vulnerability-on-ap...  5
https://blog.trendmicro.co.jp/archives/29787  5
https://www.redpacketsecurity.com/cve-2021-45105  5
https://github.com/Puliczek/CVE-2021-44228-PoC-log4j-bypass...  4
https://opsmtrs.com/3yzKsZo  4
https://blogs.sap.com/2021/12/14/hana-xsa-log4j-cve-2021-44228  4
https://tools.cisco.com/security/center/content/CiscoSecuri...  4
https://www.theregister.com/2021/12/19/log4j_new_flaw_cve_2...  4
https://blog.segu-info.com.ar/2021/12/resumen-de-todos-los-...  4
https://www.hackingarticles.in/a-detailed-guide-on-log4j-pe...  4
https://ipssignatures.appspot.com/?cve=CVE-2021-45105  4
https://www.whitesourcesoftware.com/resources/blog/log4j-vu...  4
https://hclsw.co/hoge7x  3
https://twitter.com/TheHackersNews/status/1472148677498048512  3
https://www.cve.org/CVERecord?id=CVE-2021-45105  3
https://www.cisa.gov/uscert/ncas/alerts/aa21-356a  3
https://guardedbox.es  3
https://www.snort.org/downloads  3
https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnera...  3
https://www.vmware.com/security/advisories/VMSA-2021-0028.html  3
https://softantenna.com/blog/log4j-2-17-0  3
https://www.tableau.com/about/blog/2021/12/update-apache-lo...  3
http://www.boannews.com/media/view.asp?idx=103443  3
https://access.redhat.com/security/vulnerabilities/RHSB-202...  3
https://issues.apache.org/jira/browse/LOG4J2-3230  3
https://security.sios.com/vulnerability/misc-security-vulne...  3
https://www.itmedia.co.jp/news/articles/2112/20/news135.html  3
https://logging.apache.org/log4j/2.x/security.html  3
https://support.citrix.com/article/CTX335705  3
https://anchisesbr.blogspot.com/2021/12/seguranca-o-caos-do...  3
https://www.bleepingcomputer.com/news/security/upgraded-to-...  3
https://security.paloaltonetworks.com/CVE-2021-44228  3

Information from Twitter

User  URL  Info Source  Date
fletch_ai  https://bit.ly/3ZSDADv  Source fletch_ai 1636584407820632064  2023/03/17

List of frequently cited URLs

URL  Num of Times Referred to
www.oracle.com  54
cvetrends.com  51
www.reddit.com  38
cyberiqs.com  17
lists.astaro.com  16
www.jpcert.or.jp  16
thehackernews.com  14
www.zerodayinitiative.com  9
bit.ly  7
sysdig.com  6
www.thezdi.com  5
tweetedtimes.com  5
www.cyberkendra.com  5
blog.trendmicro.co.jp  5
www.redpacketsecurity.com  5
github.com  4
opsmtrs.com  4
blogs.sap.com  4
tools.cisco.com  4
www.theregister.com  4
blog.segu-info.com.ar  4
www.hackingarticles.in  4
ipssignatures.appspot.com  4
www.whitesourcesoftware.com  4
hclsw.co  3
twitter.com  3
www.cve.org  3
www.cisa.gov  3
guardedbox.es  3
www.snort.org  3
kb.tableau.com  3
www.vmware.com  3
softantenna.com  3
www.tableau.com  3
www.boannews.com  3
access.redhat.com  3
issues.apache.org  3
security.sios.com  3
www.itmedia.co.jp  3
logging.apache.org  3
support.citrix.com  3
anchisesbr.blogspot.com  3
www.bleepingcomputer.com  3
security.paloaltonetworks.com  3

GitHub Search Results: Up to 10
Name  URL
No Data

2023/03/17 Score : 1
Added Har-sia Database : 2021/12/18
Last Modified : 2023/03/17
Highest Scored Date : 2021/12/19
Highest Score : 192