{"id":44833,"date":"2022-01-12T05:42:28","date_gmt":"2022-01-11T20:42:28","guid":{"rendered":"https:\/\/jirak.net\/wp\/usn-5222-1-apache-log4j-2-vulnerabilities\/"},"modified":"2022-01-12T06:34:11","modified_gmt":"2022-01-11T21:34:11","slug":"usn-5222-1-apache-log4j-2-vulnerabilities","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/usn-5222-1-apache-log4j-2-vulnerabilities\/","title":{"rendered":"USN-5222-1: Apache Log4j 2 vulnerabilities"},"content":{"rendered":"<p>USN-5222-1: Apache Log4j 2 vulnerabilities<\/p>\n<p>It was discovered that Apache Log4j 2 was vulnerable to remote code<br \/>\nexecution (RCE) attack when configured to use a JDBC Appender with a<br \/>\nJNDI LDAP data source URI. A remote attacker could possibly use this issue to<br \/>\ncause a crash, leading to a denial of service. (CVE-2021-44832)<\/p>\n<p>Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not<br \/>\nprotect against infinite recursion in lookup evaluation. A remote attacker<br \/>\ncould possibly use this issue to cause Apache Log4j 2 to crash, leading to<br \/>\na denial of service. This issue only affected Ubuntu 16.04 ESM.<br \/>\n(CVE-2021-45105)<br \/>\nSource: <a href=\"https:\/\/ubuntu.com\/security\/notices\/USN-5222-1\" target=\"_blank\" rel=\"noopener\">USN-5222-1: Apache Log4j 2 vulnerabilities<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\"><p>USN-5222-1: Apache Log4j 2 vulnerabilities It was discovered that Apache Log4j 2 was vulnerable to remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI. A remote attacker could possibly use this issue to cause a crash, leading to a denial of service. (CVE-2021-44832) Hideki Okamoto and Guy Lederfein discovered that Apache Log4j 2 did not protect against infinite recursion in lookup evaluation. A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 ESM. (CVE-2021-45105) Source: USN-5222-1: Apache Log4j 2 vulnerabilities<\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-44833","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/44833","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=44833"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/44833\/revisions"}],"predecessor-version":[{"id":44834,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/44833\/revisions\/44834"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=44833"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=44833"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=44833"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}