On Friday, Apache released another clip – version 2.17 – with another error in the log4j logging library, this time due to a DoS bug.
The problem comes in threes, and this is the third log4j. The latest disruption is no different from the Log4Shell remote-code execution (RCE) bug that has plagued IT teams since 10 Dec. denial-of-service (DoS) in the first episode of Apache.
It has the same, however: The new bug affects the same part as the Log4Shell bug. Both Log4Shell, is tracked as CVE-2021-44228 (critical CVSS 10.0) and a new bug, tracked as CVE-2021-45105 (CVSS score: 7.5) to monitor attack controls in the embedded data.
Read More: Threatpost
For more such updates follow us on Google News ITsecuritywire News