Apache Log4j2 versions 2.0-alpha1 up to and including 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Vulnerable Product |
---|
apache log4j |
netapp cloud manager - |
debian debian linux 10.0 |
debian debian linux 11.0 |
sonicwall email security |
sonicwall network security manager |
sonicwall web application firewall |
sonicwall 6bk1602-0aa12-0tp0 firmware |
sonicwall 6bk1602-0aa22-0tp0 firmware |
sonicwall 6bk1602-0aa32-0tp0 firmware |
sonicwall 6bk1602-0aa42-0tp0 firmware |
sonicwall 6bk1602-0aa52-0tp0 firmware |
oracle agile engineering data management 6.2.1.0 |
oracle agile plm 9.3.6 |
oracle agile plm mcad connector 3.6 |
oracle autovue for agile product lifecycle management 21.0.2 |
oracle banking deposits and lines of credit servicing 2.12.0 |
oracle banking enterprise default management 2.7.1 |
oracle banking enterprise default management 2.12.0 |
oracle banking loans servicing 2.12.0 |
oracle banking party management 2.7.0 |
oracle banking payments 14.5 |
oracle banking platform 2.6.2 |
oracle banking platform 2.7.1 |
oracle banking platform 2.12.0 |
oracle banking trade finance 14.5 |
oracle banking treasury management 14.5 |
oracle business intelligence 5.5.0.0.0 |
oracle communications asap 7.3 |
oracle communications billing and revenue management 12.0.0.4 |
oracle communications billing and revenue management 12.0.0.5 |
oracle communications cloud native core console 1.9.0 |
oracle communications cloud native core network function cloud native environment 1.10.0 |
oracle communications cloud native core network repository function 1.15.0 |
oracle communications cloud native core network repository function 1.15.1 |
oracle communications cloud native core network slice selection function 1.8.0 |
oracle communications cloud native core policy 1.15.0 |
oracle communications cloud native core security edge protection proxy 1.7.0 |
oracle communications cloud native core service communication proxy 1.15.0 |
oracle communications cloud native core unified data repository 1.15.0 |
oracle communications convergence 3.0.2.2.0 |
oracle communications convergence 3.0.3.0 |
oracle communications convergent charging controller |
oracle communications convergent charging controller 6.0.1.0.0 |
oracle communications diameter signaling router |
oracle communications eagle element management system 46.6 |
oracle communications eagle ftp table base retrieval 4.5 |
oracle communications element manager |
oracle communications evolved communications application server 7.1 |
oracle communications interactive session recorder 6.3 |
oracle communications interactive session recorder 6.4 |
oracle communications ip service activator 7.4.0 |
oracle communications messaging server 8.1 |
oracle communications network charging and control |
oracle communications network charging and control 6.0.1.0.0 |
oracle communications network integrity 7.3.6 |
oracle communications performance intelligence center 10.4.0.3 |
oracle communications pricing design center 12.0.0.4 |
oracle communications pricing design center 12.0.0.5 |
oracle communications service broker 6.2 |
oracle communications services gatekeeper 7.0 |
oracle communications session report manager |
oracle communications session route manager |
oracle communications unified inventory management 7.3.5 |
oracle communications unified inventory management 7.4.1 |
oracle communications unified inventory management 7.4.2 |
oracle communications user data repository 12.4 |
oracle communications webrtc session controller 7.2.0.0 |
oracle communications webrtc session controller 7.2.1 |
oracle data integrator 12.2.1.3.0 |
oracle data integrator 12.2.1.4.0 |
oracle e-business suite 12.2 |
oracle enterprise manager base platform 13.4.0.0 |
oracle enterprise manager base platform 13.5.0.0 |
oracle enterprise manager for peoplesoft 13.4.1.1 |
oracle enterprise manager for peoplesoft 13.5.1.1 |
oracle enterprise manager ops center 12.4.0.0 |
oracle financial services analytical applications infrastructure |
oracle financial services model management and governance 8.0.8.0.0 |
oracle financial services model management and governance 8.1.0.0.0 |
oracle financial services model management and governance 8.1.1.0.0 |
oracle flexcube universal banking |
oracle flexcube universal banking 11.83.3 |
oracle flexcube universal banking 14.5 |
oracle health sciences empirica signal 9.1.0.6 |
oracle health sciences empirica signal 9.2.0.0 |
oracle health sciences inform 6.2.1.1 |
oracle health sciences inform 6.3.2.1 |
oracle health sciences inform 7.0.0.0 |
oracle health sciences information manager |
oracle healthcare data repository 8.1.1 |
oracle healthcare foundation |
oracle healthcare master person index 5.0.1 |
oracle healthcare translational research 4.1.0 |
oracle healthcare translational research 4.1.1 |
oracle hospitality suite8 8.13.0 |
oracle hospitality suite8 8.14.0 |
oracle hospitality token proxy service 19.2 |
oracle hyperion bi+ |
oracle hyperion data relationship management |
oracle hyperion infrastructure technology |
oracle hyperion planning |
oracle hyperion profitability and cost management |
oracle hyperion tax provision |
oracle identity management suite 12.2.1.3.0 |
oracle identity management suite 12.2.1.4.0 |
oracle identity manager connector 9.1.0 |
oracle instantis enterprisetrack 17.1 |
oracle instantis enterprisetrack 17.2 |
oracle instantis enterprisetrack 17.3 |
oracle insurance data gateway 1.0.1 |
oracle insurance insbridge rating and underwriting |
oracle insurance insbridge rating and underwriting 5.2.0 |
oracle insurance insbridge rating and underwriting 5.6.1.0 |
oracle jdeveloper 12.2.1.4.0 |
oracle managed file transfer 12.2.1.3.0 |
oracle managed file transfer 12.2.1.4.0 |
oracle management cloud engine 1.5.0 |
oracle mysql enterprise monitor |
oracle payment interface 19.1 |
oracle payment interface 20.3 |
oracle peoplesoft enterprise peopletools 8.58 |
oracle peoplesoft enterprise peopletools 8.59 |
oracle primavera gateway |
oracle primavera gateway 21.12.0 |
oracle primavera p6 enterprise project portfolio management |
oracle primavera p6 enterprise project portfolio management 21.12.0.0 |
oracle primavera unifier 18.8 |
oracle primavera unifier 19.12 |
oracle primavera unifier 20.12 |
oracle primavera unifier 21.12 |
oracle retail back office 14.1 |
oracle retail central office 14.1 |
oracle retail customer insights 15.0.2 |
oracle retail customer insights 16.0.2 |
oracle retail data extractor for merchandising 15.0.2 |
oracle retail data extractor for merchandising 16.0.2 |
oracle retail eftlink 16.0.3 |
oracle retail eftlink 17.0.2 |
oracle retail eftlink 18.0.1 |
oracle retail eftlink 19.0.1 |
oracle retail eftlink 20.0.1 |
oracle retail eftlink 21.0.0 |
oracle retail financial integration |
oracle retail financial integration 14.1.3.2 |
oracle retail financial integration 15.0.3.1 |
oracle retail financial integration 19.0.0 |
oracle retail financial integration 19.0.1 |
oracle retail integration bus |
oracle retail integration bus 14.1.3 |
oracle retail integration bus 14.1.3.2 |
oracle retail integration bus 15.0.3.1 |
oracle retail integration bus 19.0.0 |
oracle retail integration bus 19.0.1 |
oracle retail invoice matching 15.0.3 |
oracle retail invoice matching 16.0.3 |
oracle retail merchandising system 16.0.3 |
oracle retail merchandising system 19.0.1 |
oracle retail order broker 16.0 |
oracle retail order broker 18.0 |
oracle retail order broker 19.1 |
oracle retail order management system 19.5 |
oracle retail point-of-service 14.1 |
oracle retail predictive application server 14.1.3.46 |
oracle retail predictive application server 15.0.3.115 |
oracle retail predictive application server 16.0.3.240 |
oracle retail price management 13.2 |
oracle retail price management 14.0.4 |
oracle retail price management 14.1.3.0 |
oracle retail price management 15.0.3.0 |
oracle retail price management 16.0.3.0 |
oracle retail returns management 14.1 |
oracle retail service backbone |
oracle retail service backbone 14.1.3 |
oracle retail service backbone 14.1.3.2 |
oracle retail service backbone 15.0.3.1 |
oracle retail service backbone 19.0.0 |
oracle retail service backbone 19.0.1 |
oracle retail service backbone 19.0.1.0 |
oracle retail store inventory management 14.0.4.13 |
oracle retail store inventory management 14.1.3.5 |
oracle retail store inventory management 14.1.3.14 |
oracle retail store inventory management 15.0.3.3 |
oracle retail store inventory management 15.0.3.8 |
oracle retail store inventory management 16.0.3.7 |
oracle siebel ui framework |
oracle sql developer |
oracle taleo platform |
oracle utilities framework |
oracle utilities framework 4.4.0.0.0 |
oracle utilities framework 4.4.0.2.0 |
oracle utilities framework 4.4.0.3.0 |
oracle webcenter portal 12.2.1.3.0 |
oracle webcenter portal 12.2.1.4.0 |
oracle webcenter sites 12.2.1.3.0 |
oracle webcenter sites 12.2.1.4.0 |
oracle weblogic server 12.2.1.3.0 |
oracle weblogic server 12.2.1.4.0 |
oracle weblogic server 14.1.1.0.0 |
Log4j Vulnerabilities: Attack Insights
Symantec data shows variation and scope of attacks.
Posted: 23 Dec, 2021 | 4 Min Read | Threat Intelligence
Apache Log4j is a Java-based logging utility. The library’s main role is to log information related to security and performance to make error debugging easier and to enable applications to run smoothly. The library is part of the Apache Logging Services, a project of the A...
Budworm: Espionage Group Returns to Targeting U.S. Organizations
Recent attacks by group have spanned continents and include first confirmed attacks seen against the U.S. in a number of years.
Posted: 13 Oct, 2022 | 5 Min Read | Threat Intelligence
The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a mul...
IT threat evolution in Q3 2022 | IT threat evolution in Q3 2022. Non-mobile statistics | IT threat evolution in Q3 2022. Mobile statistics
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data.
Quarterly figures
According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...
It's not as though folks haven't been warned about this
There have been millions of downloads of outdated, vulnerable Log4j versions despite the emergence of a serious security hole in December 2021, according to figures compiled by the firm that runs Apache Maven's Central Repository. That company, Sonatype, said it had seen four million downloads of exploitable Log4j versions from the repository alone between 10 December and the present day, out of a total of more than 10 million downloads over those past four weeks. Tracked as CVE-2021-44228 aka L...
Third major fix in ten days is an infinite recursion flaw rated 7.5/10
The Apache Software Foundation (ASF) has revealed a third bug in its Java-based open-source logging library Log4j. CVE-2021-45105 is a 7.5/10-rated infinite recursion bug that was present in Log4j2 versions 2.0-alpha1 through 2.16.0. The fix is version 2.17.0 of Log4j. That’s the third new version of the tool in the last ten days. In case you haven’t been paying attention, version 2.15.0 was created to fix CVE-2021-44228, the critical-rated and trivial-to-exploit remote code execution f...