30
/
AIzaSyAYiBZKx7MnpbEhh9jyipgxe19OcubqV5w
April 1, 2024
6257428
596948
2
Public Timelines FAQ
Public TimelinesFAQ
Public TimelinesFAQ
For educational institutions For teachers For students Open cabinet
For educational institutions For teachers For students Open cabinet
Create
Create a timeline
Public timelines
Library
FAQ

dec 14, 2021 - CVE-2021-4104 CVSSv3: 8.1 HIGH Log4j 1.2 JMSAppender

Description:

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

Added to timeline:

timeline log4j - log4shell

ByManuel -
30 Dec 2021

Date:

dec 14, 2021
Now
~ 2 years and 5 months ago
About & FeedbackTermsPrivacyLibrary
2024 © Time.Graphics
Support 24/7  
CabinetGet premium
Donate
The service accepts bank transfer (ACH, Wire) or cards (Visa, MasterCard, etc). Processed by Stripe.
Secured with SSL
Excellent (Trustpilot Reviews)
Based on 115+ reviews
Write your own review on Trustpilot.com