Details | |
---|---|
Alert ID | 40043-2 |
Alert Type | Active |
Status | release |
Risk | High |
CWE | 117 |
WASC | 20 |
Technologies Targeted | Language / Java |
Tags | CVE-2021-45046 CWE-117 OUT_OF_BAND OWASP_2017_A09 OWASP_2021_A06 WSTG-V42-INPV-11 |
More Info | Scan Rule Help |

Summary

It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allow attackers to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments.