CVE-2021-45105

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

22 fixes found:

    Workaround

    Log4j 2.17.0 (Java 8) fix and mitigation
    Published Date: Dec 17, 2021
    Updated Date: Dec 17, 2021

      Version Update

      (RHSA-2022:1462) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 7
      Published Date: Apr 20, 2022
      Updated Date: Apr 20, 2022
      Source: RedHat7
      Affected Packages:

      rh-sso7-keycloak-15.0.6, rh-sso7-keycloak-server-15.0.6

      Version Update

      (RHSA-2022:1463) Low: Red Hat Single Sign-On 7.5.2 security update on RHEL 8
      Published Date: Apr 20, 2022
      Updated Date: Apr 20, 2022
      Source: RedHat8
      Affected Packages:

      rh-sso7-keycloak-15.0.6, rh-sso7-keycloak-server-15.0.6

      Version Update

      (RHSA-2022:1296) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
      Published Date: Apr 11, 2022
      Updated Date: Apr 11, 2022
      Source: RedHat7
      Affected Packages:

      eap7-activemq-artemis-journal-2.16.0, eap7-infinispan-hibernate-cache-spi-11.0.15, eap7-infinispan-core-11.0.15, eap7-jboss-xnio-base-3.8.6, eap7-infinispan-component-annotations-11.0.15, eap7-hal-console-3.3.9, eap7-wildfly-elytron-tool-1.15.11, eap7-activemq-artemis-cli-2.16.0, eap7-hibernate-core-5.3.25, eap7-activemq-artemis-jms-server-2.16.0, eap7-infinispan-cachestore-remote-11.0.15, eap7-activemq-artemis-tools-2.16.0, eap7-wildfly-openssl-el7-x86_64-2.2.0, eap7-narayana-compensations-5.11.4, eap7-hibernate-entitymanager-5.3.25, eap7-narayana-restat-util-5.11.4, eap7-activemq-artemis-ra-2.16.0, eap7-undertow-2.2.16, eap7-narayana-jbossxts-5.11.4, eap7-activemq-artemis-jms-client-2.16.0, eap7-wildfly-openssl-2.2.0, eap7-narayana-txframework-5.11.4, eap7-jboss-vfs-3.2.16, eap7-infinispan-11.0.15, eap7-narayana-jbosstxbridge-5.11.4, eap7-log4j-2.17.1, eap7-infinispan-cachestore-jdbc-11.0.15, eap7-activemq-artemis-2.16.0, eap7-hibernate-5.3.25, eap7-activemq-artemis-server-2.16.0, eap7-narayana-restat-bridge-5.11.4, eap7-hibernate-envers-5.3.25, eap7-jboss-server-migration-core-1.10.0, eap7-activemq-artemis-core-client-2.16.0, eap7-activemq-artemis-commons-2.16.0, eap7-infinispan-commons-11.0.15, eap7-jboss-server-migration-1.10.0, eap7-activemq-artemis-hqclient-protocol-2.16.0, eap7-activemq-artemis-hornetq-protocol-2.16.0, eap7-narayana-5.11.4, eap7-activemq-artemis-jdbc-store-2.16.0, eap7-ecj-3.26.0, eap7-wildfly-java-jdk11-7.4.4, eap7-wildfly-java-jdk8-7.4.4, eap7-activemq-artemis-selector-2.16.0, eap7-infinispan-hibernate-cache-commons-11.0.15, eap7-activemq-artemis-service-extensions-2.16.0, eap7-activemq-artemis-dto-2.16.0, eap7-narayana-jts-idlj-5.11.4, eap7-infinispan-hibernate-cache-v53-11.0.15, eap7-xom-1.3.7, eap7-wildfly-openssl-el7-x86_64-debuginfo-2.2.0, eap7-narayana-restat-api-5.11.4, eap7-wildfly-elytron-1.15.11, eap7-jboss-server-migration-cli-1.10.0, eap7-hibernate-java8-5.3.25, eap7-jbossws-cxf-5.4.4, eap7-wildfly-7.4.4, 
eap7-yasson-1.0.10, eap7-objectweb-asm-9.1.0, eap7-wildfly-modules-7.4.4, eap7-wildfly-openssl-java-2.2.0, eap7-narayana-restat-integration-5.11.4, eap7-narayana-jts-integration-5.11.4, eap7-wildfly-javadocs-7.4.4, eap7-infinispan-client-hotrod-11.0.15

      Version Update

      (RHSA-2022:1297) Low: Red Hat JBoss Enterprise Application Platform 7.4.4 security update
      Published Date: Apr 11, 2022
      Updated Date: Apr 11, 2022
      Source: RedHat8
      Affected Packages:

      eap7-activemq-artemis-journal-2.16.0, eap7-infinispan-hibernate-cache-spi-11.0.15, eap7-infinispan-core-11.0.15, eap7-jboss-xnio-base-3.8.6, eap7-infinispan-component-annotations-11.0.15, eap7-hal-console-3.3.9, eap7-wildfly-elytron-tool-1.15.11, eap7-activemq-artemis-cli-2.16.0, eap7-hibernate-core-5.3.25, eap7-activemq-artemis-jms-server-2.16.0, eap7-infinispan-cachestore-remote-11.0.15, eap7-activemq-artemis-tools-2.16.0, eap7-wildfly-openssl-el8-x86_64-2.2.0, eap7-narayana-compensations-5.11.4, eap7-hibernate-entitymanager-5.3.25, eap7-activemq-artemis-ra-2.16.0, eap7-narayana-restat-util-5.11.4, eap7-narayana-jbossxts-5.11.4, eap7-activemq-artemis-commons-2.16.0, eap7-activemq-artemis-jms-client-2.16.0, eap7-jboss-vfs-3.2.16, eap7-wildfly-openssl-2.2.0, eap7-narayana-txframework-5.11.4, eap7-infinispan-11.0.15, eap7-narayana-jbosstxbridge-5.11.4, eap7-undertow-2.2.16, eap7-log4j-2.17.1, eap7-infinispan-cachestore-jdbc-11.0.15, eap7-wildfly-javadocs-7.4.4, eap7-activemq-artemis-2.16.0, eap7-hibernate-5.3.25, eap7-activemq-artemis-server-2.16.0, eap7-narayana-restat-bridge-5.11.4, eap7-hibernate-envers-5.3.25, eap7-jboss-server-migration-core-1.10.0, eap7-activemq-artemis-core-client-2.16.0, eap7-infinispan-commons-11.0.15, eap7-jboss-server-migration-1.10.0, eap7-activemq-artemis-hqclient-protocol-2.16.0, eap7-activemq-artemis-hornetq-protocol-2.16.0, eap7-narayana-5.11.4, eap7-activemq-artemis-jdbc-store-2.16.0, eap7-ecj-3.26.0, eap7-wildfly-openssl-el8-x86_64-debuginfo-2.2.0, eap7-activemq-artemis-selector-2.16.0, eap7-infinispan-hibernate-cache-commons-11.0.15, eap7-activemq-artemis-service-extensions-2.16.0, eap7-activemq-artemis-dto-2.16.0, eap7-infinispan-hibernate-cache-v53-11.0.15, eap7-xom-1.3.7, eap7-narayana-restat-api-5.11.4, eap7-wildfly-elytron-1.15.11, eap7-jboss-server-migration-cli-1.10.0, eap7-hibernate-java8-5.3.25, eap7-wildfly-7.4.4, eap7-jbossws-cxf-5.4.4, eap7-yasson-1.0.10, eap7-objectweb-asm-9.1.0, eap7-wildfly-openssl-java-2.2.0, 
eap7-wildfly-modules-7.4.4, eap7-narayana-restat-integration-5.11.4, eap7-narayana-jts-integration-5.11.4, eap7-narayana-jts-idlj-5.11.4, eap7-infinispan-client-hotrod-11.0.15

      Version Update

      Apache Log4j 2 vulnerabilities
      Published Date: Jan 11, 2022
      Updated Date: Jan 11, 2022
      Source: Ubuntu21.10
      Affected Packages:

      liblog4j2-java-2.17.1

      Version Update

      Apache Log4j 2 vulnerabilities
      Published Date: Jan 11, 2022
      Updated Date: Jan 11, 2022
      Source: Ubuntu21.04
      Affected Packages:

      liblog4j2-java-2.17.1

      Version Update

      Apache Log4j 2 vulnerabilities
      Published Date: Jan 11, 2022
      Updated Date: Jan 11, 2022
      Source: Ubuntu18.04
      Affected Packages:

      liblog4j2-java-doc-2.12.4, liblog4j2-java-2.12.4