HTTP: Apache Log4j2 CVE-2021-45105 Denial Of Service

This signature detects attempts to exploit a known vulnerability in Apache Log4j. A successful attack can result in a denial-of-service condition.

Extended Description

Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect against uncontrolled recursion from self-referential lookups. An attacker with control over Thread Context Map data can cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.

Affected Products

Oracle healthcare_translational_research

References

CVE: CVE-2021-45105

Short Name
HTTP:DOS:APACHE-LOG4J-DOS
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Apache CVE-2021-45105 Denial Log4j2 Of Service
Release Date
12/20/2021
Supported Platforms

srx-branch-12.3

srx-branch-19.3

vsrx3bsd-19.2

vsrx3bsd-19.4

srx-branch-19.4

vsrx-19.4

srx-19.4

vsrx-12.3

srx-12.3

vsrx-19.2

srx-19.3

vmx-19.4

mx-12.3

mx-19.4

mx-19.3

vmx-19.3

Sigpack Version
3693
False Positive
Unknown
Vendors

Apache

Sonicwall

Oracle

Netapp

Debian

CVSS Score

4.3
