The Apache Software Foundation has released a new patch for Log4j, a Java-based logging tool whose vulnerabilities have been targeted by hackers since December 13.
Log4j 2.17.1, the fifth update this month, addresses a new remote code execution (RCE) flaw found in 2.17.0. CVE-2021-44832 allows an attacker with permission to modify the logging configuration file to create a malicious configuration that allows RCE. The vulnerability impacts all Log4j versions from 2.0-alpha7 to 2.17.0, except 2.12.4 and 2.3.2.
The new vulnerability has been fixed by limiting the names of JNDI data sources to the Java protocol in Log4j version 2.17.1 and in the patches for earlier releases: 2.3.2 for Java 6 and 2.12.4 for Java 8.
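For defenders triaging this CVE, the following added example (not code from the article or from the Log4j project) checks a version string against the affected range stated above and flags JNDI data source names in a configuration file that do not use the `java:` protocol. It assumes the data source is declared as a `DataSource` element with a `jndiName` attribute, which the article does not spell out, and the sample configuration is constructed.

```python
import re
import xml.etree.ElementTree as ET

# Version bounds and exceptions exactly as stated in the article.
FIRST_AFFECTED, LAST_AFFECTED = "2.0-alpha7", "2.17.0"
PATCHED_BACKPORTS = {"2.3.2", "2.12.4"}
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}  # pre-releases sort before the final release

def _key(version):
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?",
                     version.strip().lower())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {version!r}")
    major, minor, patch, tag, n = m.groups()
    pre = (_PRE_RANK[tag], int(n)) if tag else (3, 0)
    return (int(major), int(minor), int(patch or 0)) + pre

def is_affected(version):
    """True if the version falls in the range the article gives for CVE-2021-44832."""
    if version.strip() in PATCHED_BACKPORTS:
        return False
    return _key(FIRST_AFFECTED) <= _key(version) <= _key(LAST_AFFECTED)

def non_java_jndi_names(config_xml):
    """Return jndiName values on DataSource elements that do not use the java: protocol."""
    # Assumption: element and attribute names as in a Log4j 2 XML configuration.
    hits = []
    for el in ET.fromstring(config_xml).iter():
        if el.tag.rsplit("}", 1)[-1].lower() != "datasource":
            continue
        attrs = {k.lower(): v.strip() for k, v in el.attrib.items()}
        name = attrs.get("jndiname", "")
        if name and not name.startswith("java:"):
            hits.append(name)
    return hits

# Constructed sample configuration (not from the article).
SAMPLE_CONFIG = """<Configuration>
  <Appenders>
    <JDBC name="ok" tableName="logs">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
    </JDBC>
    <JDBC name="review" tableName="logs">
      <DataSource jndiName="example-scheme://placeholder.invalid/ds"/>
    </JDBC>
  </Appenders>
</Configuration>"""

if __name__ == "__main__":
    for v in ("2.0-alpha6", "2.3.2", "2.12.4", "2.17.0", "2.17.1"):
        print(v, "affected" if is_affected(v) else "not affected")
    print("review:", non_java_jndi_names(SAMPLE_CONFIG))
```

Values built from property substitutions are also reported, since they cannot be resolved statically and need manual review.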
Read More: Siliconangle