CVE-2021-44832
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI and an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
11 fixes found:
- Published Date: Dec 28, 2021
- Updated Date: Dec 28, 2021
Version Update
(RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Published Date: Apr 11, 2022
Updated Date: Apr 11, 2022
Source: RedHat 7
Affected Packages: eap7-activemq-artemis-journal-2.16.0, eap7-infinispan-hibernate-cache-spi-11.0.15, eap7-infinispan-core-11.0.15, eap7-jboss-xnio-base-3.8.6, eap7-infinispan-component-annotations-11.0.15, eap7-hal-console-3.3.9, eap7-wildfly-elytron-tool-1.15.11, eap7-activemq-artemis-cli-2.16.0, eap7-hibernate-core-5.3.25, eap7-activemq-artemis-jms-server-2.16.0, eap7-infinispan-cachestore-remote-11.0.15, eap7-activemq-artemis-tools-2.16.0, eap7-wildfly-openssl-el7-x86_64-2.2.0, eap7-narayana-compensations-5.11.4, eap7-hibernate-entitymanager-5.3.25, eap7-narayana-restat-util-5.11.4, eap7-activemq-artemis-ra-2.16.0, eap7-undertow-2.2.16, eap7-narayana-jbossxts-5.11.4, eap7-activemq-artemis-jms-client-2.16.0, eap7-wildfly-openssl-2.2.0, eap7-narayana-txframework-5.11.4, eap7-jboss-vfs-3.2.16, eap7-infinispan-11.0.15, eap7-narayana-jbosstxbridge-5.11.4, eap7-log4j-2.17.1, eap7-infinispan-cachestore-jdbc-11.0.15, eap7-activemq-artemis-2.16.0, eap7-hibernate-5.3.25, eap7-activemq-artemis-server-2.16.0, eap7-narayana-restat-bridge-5.11.4, eap7-hibernate-envers-5.3.25, eap7-jboss-server-migration-core-1.10.0, eap7-activemq-artemis-core-client-2.16.0, eap7-activemq-artemis-commons-2.16.0, eap7-infinispan-commons-11.0.15, eap7-jboss-server-migration-1.10.0, eap7-activemq-artemis-hqclient-protocol-2.16.0, eap7-activemq-artemis-hornetq-protocol-2.16.0, eap7-narayana-5.11.4, eap7-activemq-artemis-jdbc-store-2.16.0, eap7-ecj-3.26.0, eap7-wildfly-java-jdk11-7.4.4, eap7-wildfly-java-jdk8-7.4.4, eap7-activemq-artemis-selector-2.16.0, eap7-infinispan-hibernate-cache-commons-11.0.15, eap7-activemq-artemis-service-extensions-2.16.0, eap7-activemq-artemis-dto-2.16.0, eap7-narayana-jts-idlj-5.11.4, eap7-infinispan-hibernate-cache-v53-11.0.15, eap7-xom-1.3.7, eap7-wildfly-openssl-el7-x86_64-debuginfo-2.2.0, eap7-narayana-restat-api-5.11.4, eap7-wildfly-elytron-1.15.11, eap7-jboss-server-migration-cli-1.10.0, eap7-hibernate-java8-5.3.25, eap7-jbossws-cxf-5.4.4, eap7-wildfly-7.4.4, eap7-yasson-1.0.10, eap7-objectweb-asm-9.1.0, eap7-wildfly-modules-7.4.4, eap7-wildfly-openssl-java-2.2.0, eap7-narayana-restat-integration-5.11.4, eap7-narayana-jts-integration-5.11.4, eap7-wildfly-javadocs-7.4.4, eap7-infinispan-client-hotrod-11.0.15
Version Update
(RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
Published Date: Apr 11, 2022
Updated Date: Apr 11, 2022
Source: RedHat 8
Affected Packages: eap7-activemq-artemis-journal-2.16.0, eap7-infinispan-hibernate-cache-spi-11.0.15, eap7-infinispan-core-11.0.15, eap7-jboss-xnio-base-3.8.6, eap7-infinispan-component-annotations-11.0.15, eap7-hal-console-3.3.9, eap7-wildfly-elytron-tool-1.15.11, eap7-activemq-artemis-cli-2.16.0, eap7-hibernate-core-5.3.25, eap7-activemq-artemis-jms-server-2.16.0, eap7-infinispan-cachestore-remote-11.0.15, eap7-activemq-artemis-tools-2.16.0, eap7-wildfly-openssl-el8-x86_64-2.2.0, eap7-narayana-compensations-5.11.4, eap7-hibernate-entitymanager-5.3.25, eap7-activemq-artemis-ra-2.16.0, eap7-narayana-restat-util-5.11.4, eap7-narayana-jbossxts-5.11.4, eap7-activemq-artemis-commons-2.16.0, eap7-activemq-artemis-jms-client-2.16.0, eap7-jboss-vfs-3.2.16, eap7-wildfly-openssl-2.2.0, eap7-narayana-txframework-5.11.4, eap7-infinispan-11.0.15, eap7-narayana-jbosstxbridge-5.11.4, eap7-undertow-2.2.16, eap7-log4j-2.17.1, eap7-infinispan-cachestore-jdbc-11.0.15, eap7-wildfly-javadocs-7.4.4, eap7-activemq-artemis-2.16.0, eap7-hibernate-5.3.25, eap7-activemq-artemis-server-2.16.0, eap7-narayana-restat-bridge-5.11.4, eap7-hibernate-envers-5.3.25, eap7-jboss-server-migration-core-1.10.0, eap7-activemq-artemis-core-client-2.16.0, eap7-infinispan-commons-11.0.15, eap7-jboss-server-migration-1.10.0, eap7-activemq-artemis-hqclient-protocol-2.16.0, eap7-activemq-artemis-hornetq-protocol-2.16.0, eap7-narayana-5.11.4, eap7-activemq-artemis-jdbc-store-2.16.0, eap7-ecj-3.26.0, eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0, eap7-activemq-artemis-selector-2.16.0, eap7-infinispan-hibernate-cache-commons-11.0.15, eap7-activemq-artemis-service-extensions-2.16.0, eap7-activemq-artemis-dto-2.16.0, eap7-infinispan-hibernate-cache-v53-11.0.15, eap7-xom-1.3.7, eap7-narayana-restat-api-5.11.4, eap7-wildfly-elytron-1.15.11, eap7-jboss-server-migration-cli-1.10.0, eap7-hibernate-java8-5.3.25, eap7-wildfly-7.4.4, eap7-jbossws-cxf-5.4.4, eap7-yasson-1.0.10, eap7-objectweb-asm-9.1.0, eap7-wildfly-openssl-java-2.2.0, eap7-wildfly-modules-7.4.4, eap7-narayana-restat-integration-5.11.4, eap7-narayana-jts-integration-5.11.4, eap7-narayana-jts-idlj-5.11.4, eap7-infinispan-client-hotrod-11.0.15
Version Update
Apache Log4j 2 vulnerabilities
Published Date: Jan 11, 2022
Updated Date: Jan 11, 2022
Source: Ubuntu 21.04
Affected Packages: liblog4j2-java-2.17.1
Version Update
Apache Log4j 2 vulnerabilities
Published Date: Jan 11, 2022
Updated Date: Jan 11, 2022
Source: Ubuntu 20.04
Affected Packages: liblog4j2-java-doc-2.17.1, liblog4j2-java-2.17.1
Version Update
Apache Log4j 2 vulnerabilities
Published Date: Jan 11, 2022
Updated Date: Jan 11, 2022
Source: Ubuntu 21.10
Affected Packages: liblog4j2-java-2.17.1
Version Update
Apache Log4j 2 vulnerabilities
Published Date: Jan 11, 2022
Updated Date: Jan 11, 2022
Source: Ubuntu 18.04
Affected Packages: liblog4j2-java-doc-2.12.4, liblog4j2-java-2.12.4
Version Update
[SECURITY] [DLA 2870-1] apache-log4j2 security update
Published Date: Dec 29, 2021
Updated Date: Dec 29, 2021
Source: Debian 9
Affected Packages: apache-log4j2-2.12.4, liblog4j2-java-2.12.4