Share
The Log4Shell exploit gives attackers a simple way to execute code on any vulnerable machine. CVE-2021-45046, second version of vulnerability emerges from the incomplete patch to the CVE-2021-44228 that leads attackers to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. CVE-2021-45046, rated 9.0 (critical) on the CVSS scale.
CVE-2021-45105, third version of vulnerability emerges when the attacker’s control over Thread Context Map (MDC) input data which can craft malicious input data that contains a recursive lookup and can cause Denial of Service.CVE-2021-45105, rated 7.5 (high) on the CVSS scale.
CVE-2021-4104, fourth version of vulnerability emerges when the attacker has write access to the Log4j configuration using JMSAppender which is vulnerable to deserialization of untrusted data.CVE-2021-4104, rated 8.1 (high) on the CVSS scale.
CD Bytes! As a trusted Qualys partner Cloud Destinations helps organizations in quick detection and remediation of log4j vulnerabilities with its advanced out-of-band detection mechanisms. Qualys is also continuously updating their platform to make accurate detections of applications vulnerable to log4shell. For more information & engagement please refer https://clouddestinations.com and write to info@clouddestinations.com
2603 Camino Ramon, Bishop Ranch 3, Suite 200, San Ramon, CA 94583, USA
9850 King George Blvd, 2nd-5th Floor, Surrey, British Columbia, V3T 4Y3, Canada
833A/ 3, Level 28, The Gardens South Tower, Mid Valley City, Lingkaran Syed Putra, 59200, Kuala Lumpur, Malaysia
Block A2, First Floor, Span Ventures SEZ, Rathinam Tech Zone, Pollachi Main Road, Eachanari, Coimbatore – 641021
WorkEZ Urban Square, Kandanchavadi, OMR, Kottivakkam, Rajiv Gandhi Salai, Chennai – 600041