CISA KEV 정보
| 취약점명 | Apache Log4j2 Remote Code Execution Vulnerability |
|---|---|
| 설명 | Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. |
| 조치사항 | For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available. |
| 랜섬웨어 캠페인 악용 | Known |
| CWE | CWE-20 | CWE-400 | CWE-502 |
| 등록일 (KEV) | 2021-12-10 |
| 조치 기한 | 2021-12-24 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2021-44228 |
NVD 상세 정보
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:HAV:N/AC:M/Au:N/C:C/I:C/A:C설명: Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
CWE: CWE-20 | CWE-400 | CWE-502 | CWE-917
참조
- http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html [Broken Link, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165371/VMware-Security-Advisory-2021-0028.4.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165532/Log4Shell-HTTP-Header-Injection.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165642/VMware-vCenter-Server-Unauthenticated-Log4Shell-JNDI-Injection-Remote-Code-Execution.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/165673/UniFi-Network-Application-Unauthenticated-Log4Shell-Remote-Code-Execution.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/167794/Open-Xchange-App-Suite-7.10.x-Cross-Site-Scripting-Command-Injection.html [Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/167917/MobileIron-Log4Shell-Remote-Command-Execution.html [Exploit, Third Party Advisory, VDB Entry]
- ... 외 88건
This product uses the NVD API but is not endorsed or certified by the NVD.