CVE-2021-45105 – Apache / Log4j – Uncontrolled resource consumption

Summary:

CVE-2021-45105 is an uncontrolled resource consumption vulnerability impacting Apache Log4j2 versions 2.0-alpha1 through 2.16.0. A proof of concept (PoC) and a fully automated scanner pertaining to CVE-2021-45105 were observed in open source.

PoC Links (if available):

Twitter: vx-underground PoC information –

Known Counter Measures:

Apache addressed the vulnerability in Log4j version 2.17.0.
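
Added example (not from Apache or the original advisory): a triage check that flags `log4j-core` jars in a file inventory whose file-name version falls in the affected range 2.0-alpha1 through 2.16.0. The inventory paths are constructed. The 2.12.3 and 2.3.1 maintenance releases and the restriction to `log4j-core` are assumptions taken from Apache's security page, not from this page.

```python
import re

# First fixed release named on this page.
FIXED = (2, 17, 0)
# Assumption (not on this page): Apache also shipped the fix in the
# Java 7 and Java 6 maintenance lines as 2.12.3 and 2.3.1.
BACKPORTED_FIXES = {(2, 12, 3), (2, 3, 1)}

# Assumption: only log4j-core carries the affected code, so log4j-api and
# other modules are ignored. Handles pre-release names such as 2.0-alpha1,
# 2.0-beta9 and 2.0-rc1, where the patch number is absent.
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-([A-Za-z]+\d*))?\.jar$"
)

def parse_log4j_core(path):
    """Return ((major, minor, patch), tag) or None if not a log4j-core jar."""
    m = JAR_RE.search(path)
    if not m:
        return None
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch or 0)), tag

def is_affected(path):
    """True/False for a log4j-core jar, None when the name gives no answer."""
    parsed = parse_log4j_core(path)
    if parsed is None:
        return None  # renamed, shaded or fat jars need content inspection
    version, _tag = parsed
    if version in BACKPORTED_FIXES:
        return False
    # Every 2.x pre-release precedes 2.17.0, so the tag does not change the result.
    return version < FIXED

def triage(paths):
    """Return the affected paths, sorted."""
    return sorted(p for p in paths if is_affected(p))

# Constructed sample inventory, e.g. the output of a file search on a host.
SAMPLE_INVENTORY = [
    "/opt/app/lib/log4j-core-2.16.0.jar",
    "/opt/app/lib/log4j-api-2.16.0.jar",
    "/srv/legacy/WEB-INF/lib/log4j-core-2.0-beta9.jar",
    "/srv/java7/lib/log4j-core-2.12.3.jar",
    "/srv/java7/lib/log4j-core-2.12.2.jar",
    "/opt/new/lib/log4j-core-2.17.0.jar",
]

if __name__ == "__main__":
    for hit in triage(SAMPLE_INVENTORY):
        print("AFFECTED:", hit)
```

A file-name match is only a first pass: copies bundled inside fat jars or WAR archives do not appear under their own name and have to be found by inspecting archive contents.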

Links to patches (if available):

https://logging.apache.org/log4j/2.x/security.html