Third Log4J Bug Can Trigger DoS; Apache Issues Patch

43
Third Log4J Bug Can Trigger DoS; Apache Issues Patch

On Friday, Apache released another clip – version 2.17 – with another error in the log4j logging library, this time due to a DoS bug.

The problem comes in threes, and this is the third log4j. The latest disruption is no different from the Log4Shell remote-code execution (RCE) bug that has plagued IT teams since 10 Dec. denial-of-service (DoS) in the first episode of Apache.

It has the same, however: The new bug affects the same part as the Log4Shell bug. Both Log4Shell, is tracked as CVE-2021-44228 (critical CVSS 10.0) and a new bug, tracked as CVE-2021-45105 (CVSS score: 7.5) to monitor attack controls in the embedded data.

Read More: Threatpost

For more such updates follow us on Google News ITsecuritywire News