Found 7 Results
Page 1 of 1

Manager


manager

08/07/2022


Component


component


Component


component


CVE-2021-44228 Multiple eptos Releases Security Advisory – Apache Log4j2 not protected against attacker controlled LDAP and other JNDI related endpoints


Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. In previous releases (>2.10) this behavior can be mitigated by setting system property “log4j2.formatMsgNoLookups” to “true”.

20/05/2022


CVE-2021-45105 Multiple eptos™ Releases – Security Advisory – Apache Log4j2 <=2.17 did not protect from uncontrolled recursion from self-referential lookups.


Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.


CVE-2022-22965


If you have questions or concerns regarding this advisory, contact support@paradine.at and add the CVE to your issue description.


CVE-2022-0778


If you have questions or concerns regarding this advisory, contact support@paradine.at and add the CVE to your issue description.

