Apache Log4j 2 version 2.17.0 released for CVE-2021-45105 Denial of Service attack


Apache Log4j2 version 2.16.0 was released on 13th December 2021 to fix the vulnerability that was reported in CVE-2021-44228 for security issues related to JNDI. Require log4j2.enableJndi to be set to true to allow JNDI.



A new security vulnerability CVE-2021-45105 has been reported on 18 December 2021.

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

https://nvd.nist.gov/vuln/detail/CVE-2021-45105


Apache has released version 2.17.0 to fix this issue of DOS (Denial of Service) attack.



Download the latest version: https://logging.apache.org/log4j/2.x/download.html



Advertisements
Try Out Code2care Dev Tools:

Advertisements



Android Java Linux Microsoft Google Python macOS Notepad++ Microsoft Teams CSS PHP SharePoint Html Linux C Programs Bootstrap jQuery Sublime Android Studio Facebook Eclipse WhatsApp News MySQL Json HowTos JavaScript FTP S3


Advertisements


Code2care is an initiative to publish and share varied knowledge in programming and technical areas gathered during day-to-day learnings and development activities.

Students and Software Developers can leverage this portal to find solutions to their various queries without re-inventing the wheel by referring to our easy to understand posts. Technical posts might include Learnings, Tutorials, Trouble-Shooting steps, Video Tutorials, Code Snippets, How Tos, Blogs, Articles, etc.
🎉 We are celebrating the 10th years of Code2care! Thank you for all your support! We hope we made a difference.
We strong support Gender Equality & Diversity.

We stand in solidarity with Ukraine - Make a donation to UNHCR - https://donate.unhcr.org/in/en-in/ukraine-emergency