Apache Log4j Remote Code Execution Vulnerability

Release Date: 29 Dec 2021

RISK: Medium Risk

TYPE: Web services - Web Servers

A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

Only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.


Impact

  • Remote Code Execution

System / Technologies affected

  • Apache Log4j versions from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4

Solutions

Before installing the software, please visit the vendor's website for more details.

 

  • Java 8 (or later) users should upgrade to release 2.17.1
  • Java 7 users should upgrade to release 2.12.4
  • Java 6 users should upgrade to release 2.3.2
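
An added inventory check (not part of the original advisory or of any Apache tooling): it classifies JAR file names against the affected range and exclusions listed above, ignores log4j-api JARs as the Note describes, and maps a Java major version to the upgrade target from the Solutions list. The function names and sample file names are assumptions made for illustration, and matching is by file name only.

```python
import re
from pathlib import Path

# Filename pattern for the impacted artifact only; log4j-api JARs never match.
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before the release

FIRST_AFFECTED = (2, 0, 0, 0, 7)    # 2.0-alpha7
LAST_AFFECTED = (2, 17, 0, 3, 0)    # 2.17.0
FIXED_BACKPORTS = {(2, 3, 2, 3, 0), (2, 12, 4, 3, 0)}  # 2.3.2 and 2.12.4


def version_key(filename):
    """Return a sortable key for a log4j-core JAR name, or None for any other file."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[stage], int(n or 0))


def is_affected(filename):
    """True if the JAR is log4j-core in the advisory's affected range."""
    key = version_key(filename)
    if key is None or key in FIXED_BACKPORTS:
        return False
    return FIRST_AFFECTED <= key <= LAST_AFFECTED


def fixed_release(java_major):
    """Upgrade target from the advisory's Solutions list, by Java major version."""
    if java_major >= 8:
        return "2.17.1"
    return {7: "2.12.4", 6: "2.3.2"}.get(java_major)


def scan(root):
    """List affected log4j-core JARs under root, by file name only.

    Copies nested inside WAR/EAR or shaded "fat" JARs are not detected here.
    """
    return sorted(str(p) for p in Path(root).rglob("log4j-core-*.jar") if is_affected(p.name))


if __name__ == "__main__":
    # Constructed sample names, not taken from a real host.
    for name in ["log4j-core-2.14.1.jar", "log4j-core-2.12.4.jar",
                 "log4j-api-2.14.1.jar", "log4j-core-2.17.1.jar"]:
        print(f"{name}: {'AFFECTED' if is_affected(name) else 'not affected'}")
```
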

Vulnerability Identifier


Source


Related Link