| ID | 51050 |
| Created | Dec 20, 2021 |
| Updated | Jan 18, 2022 |
| Outbreak Alert | Log4j2 Vulnerability |
| Severity |
|
| Coverage |
IPS (Regular DB)
IPS (Extended DB)
|
| Default Action | drop |
| Active |
|
| Affected OS | All |
| Affected App | Apache |
Legend
| Active/Available |
|
| InActive/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-01-19 | 19.244 | Sig Added |
| 2021-12-23 | 19.225 | Sig Added |
| 2021-12-23 | 19.225 | Default_action:pass:drop |
| 2021-12-21 | 19.223 |
Refine Search
Threat Encyclopedia
Apache.Log4j.Error.Log.Thread.Context.DoS
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in Apache Log4j.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker could exploit these vulnerabilities by sending a crafted request to the target server. Successful exploitation could result in a denial-of-service condition.
Affected Products
Apache Log4j 2.0-beta9 prior to 2.17.0
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://logging.apache.org/log4j/2.x/security.html
