33
/de/
AIzaSyAYiBZKx7MnpbEhh9jyipgxe19OcubqV5w
August 1, 2025
6278694
596948
2
Public Timelines
Public TimelinesFAQ
Public TimelinesFAQ
For educational institutions For teachers For students Cabinet
For educational institutions For teachers For students Open cabinet
Erstellen
Create a timeline
Public timelines
Library
FAQ

28 Dez 2021 Jahr - CVE-2021-44832 CVSSv3: N/A Log4j 2.17.0 now vuln to RCE PATCH to v2.17.1

Beschreibung:

Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Zugefügt zum Band der Zeit:

timeline log4j - log4shell

ByManuel -
30 Dez 2021
1
0
2605

Datum:

28 Dez 2021 Jahr
Jetzt
~ 3 years and 5 months ago
About & FeedbackVereinbarungPrivatheitBibliothekFAQ
Support 24/7  
CabinetGet premium
Donate
The service accepts bank transfer (ACH, Wire) or cards (Visa, MasterCard, etc). Processed by Stripe.
Secured with SSL