| Details | |
|---|---|
| Alert Id | 40043-2 |
| Alert Type | Active |
| Status | beta |
| Risk | High |
| CWE | 117 |
| WASC | 20 |
| Technologies Targeted |
Language / Java |
| Tags |
CVE-2021-45046 OUT_OF_BAND OWASP_2017_A09 OWASP_2021_A06 WSTG-V42-INPV-11 |
Summary
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.