ALAS2022-2021-003

Related Vulnerabilities: CVE-2021-44228  

Amazon Linux 2022 Security Advisory: ALAS-2021-003
Advisory Release Date: 2021-12-10 21:56 Pacific
Advisory Updated Date: 2021-12-11 12:00 Pacific
Severity: Critical
References: CVE-2021-44228 

Issue Overview:

A flaw was found in the Java logging library Apache Log4j 2 in versions from 2.0-beta9 up to and including 2.14.1. A remote attacker could execute code on the server if the system logs an attacker-controlled string value containing a JNDI lookup that points to the attacker's LDAP server. (CVE-2021-44228)


Affected Packages:

log4j


Issue Correction:
Run dnf update --releasever=2022.0.20211210 log4j to update your system.

New Packages:
noarch:
    log4j-slf4j-2.15.0-1.amzn2022.0.1.noarch
    log4j-2.15.0-1.amzn2022.0.1.noarch
    log4j-jcl-2.15.0-1.amzn2022.0.1.noarch

src:
    log4j-2.15.0-1.amzn2022.0.1.src
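
Verifying the correction on a host, as an added example that is not part of the original advisory: the functions below classify installed log4j builds against the 2.15.0-1.amzn2022.0.1 build listed under New Packages. The function names are hypothetical, and the comparison relies on GNU sort -V as an approximation of RPM version ordering (epochs are ignored).

```shell
#!/bin/sh
# Added example: compare installed log4j builds with the fixed build
# listed in this advisory. Function names are illustrative.
FIXED_EVR="2.15.0-1.amzn2022.0.1"

# version_ge A B: succeed when A >= B under GNU `sort -V` ordering.
# Assumption: sort -V approximates RPM ordering closely enough for these builds.
version_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# classify_line NAME VERSION-RELEASE: print "NAME VERSION-RELEASE STATUS"
# for the three binary packages in this advisory; print nothing otherwise.
classify_line() {
    name=$1 evr=$2
    case "$name" in
        log4j|log4j-slf4j|log4j-jcl) ;;
        *) return 0 ;;
    esac
    if version_ge "$evr" "$FIXED_EVR"; then
        status=FIXED
    else
        status=NEEDS_UPDATE
    fi
    printf '%s %s %s\n' "$name" "$evr" "$status"
}

# check_log4j: read "NAME VERSION-RELEASE" lines on stdin, print one status
# line per advisory package, and return 1 if any package still needs the update.
check_log4j() {
    rc=0
    while read -r name evr; do
        out=$(classify_line "$name" "$evr")
        [ -n "$out" ] && printf '%s\n' "$out"
        case "$out" in *NEEDS_UPDATE) rc=1 ;; esac
    done
    return $rc
}

# On a host, feed it the RPM database:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'log4j*' | check_log4j
```

This checks only the RPM-managed packages named in the advisory; Log4j JARs bundled inside application archives are outside the RPM database and are not covered by it.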