CVE-2021-45105 – Apache / Log4j – Uncontrolled resource consumption
Summary:
CVE-2021-45105 is an uncontrolled resource consumption vulnerability impacting Apache Log4j2 versions 2.0-alpha1 through 2.16.0. A proof of concept (PoC) and a fully automated scanner pertaining to CVE-2021-45105 were observed in open source.
PoC Links (if available):
Twitter: vx-underground PoC information –
New exploit on Friday, as is tradition: Researchers have discovered Log4J version 2.16 is vulnerable to DoS via "${${::-${::-$${::-j}}}}"
More info: https://t.co/pzeWiQEa68
— vx-underground (@vxunderground) December 17, 2021
Known Counter Measures:
Apache addressed the vulnerability in Log4j version 2.17.0.
Links to patches (if available):
https://logging.apache.org/log4j/2.x/security.html
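
To act on the affected range and fix release stated above, the following added example (not from the original page or from Apache) inventories `log4j-core` jars on disk and inside WAR/EAR/fat-jar archives and classifies each against that range. Assumptions: jars keep the Maven file name `log4j-core-<version>.jar` (shaded or renamed copies are missed), and `classify`, `scan` and `known_fixed` are hypothetical names; `known_fixed` is for releases you have confirmed as patched against the Apache security page linked above.

```python
import re
import sys
import zipfile
from pathlib import Path

# Range as stated on this page: 2.0-alpha1 through 2.16.0 affected, fixed in 2.17.0.
LAST_AFFECTED = (2, 16, 0)
FIRST_FIXED = (2, 17, 0)
# Assumption: artifacts keep the Maven file name log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(-[A-Za-z0-9.]+)?\.jar$")
ARCHIVES = {".jar", ".war", ".ear", ".zip"}


def classify(name, known_fixed=frozenset()):
    """Return (version, status) for a log4j-core jar name, else None.
    known_fixed: versions the operator has confirmed as patched."""
    m = JAR_RE.search(name)
    if not m:
        return None
    triple = (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))
    version = name[m.start(1):m.end() - len(".jar")]
    if version in known_fixed:
        return version, "fixed"
    if triple <= LAST_AFFECTED:  # includes the 2.0 alpha/beta/rc builds
        return version, "affected"
    if triple >= FIRST_FIXED and not m.group(4):
        return version, "fixed"
    return version, "unknown"  # between the two bounds, or carries a suffix


def scan(root, known_fixed=frozenset()):
    """Report log4j-core jars on disk and one level inside zip archives."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        hit = classify(path.name, known_fixed)
        if hit:
            findings.append((str(path), *hit))
        if path.suffix.lower() in ARCHIVES and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as zf:
                for entry in zf.namelist():
                    hit = classify(entry, known_fixed)
                    if hit:
                        findings.append((f"{path}!{entry}", *hit))
    return findings


if __name__ == "__main__":
    for location, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:9} {version:14} {location}")
```

Run it with the directory to inventory as the only argument; anything reported as `unknown` needs a manual check against the advisory.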