Debian Security Update DSA-5024 apache-log4j2 - security update

Thread starter LinuxBot
Start date Dec 19, 2021

LinuxBot

Member

Dec 19, 2021

It was found that Apache Log4j2, a Logging Framework for Java, did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a denial of service.

Continue reading...

You must log in or register to reply here.

Facebook X (Twitter) Reddit Pinterest Tumblr WhatsApp Email Link

Members online

osprey

Total: 822 (members: 1, guests: 821)

Latest posts

LibreOffice cannot save to NTFS formatted partition.
- Latest: APTI
- 19 minutes ago
General Linux Questions
Not exactly security related But!
- Latest: Condobloke
- 21 minutes ago
Linux Security
Why Your VPN May Not Be As Secure As It Claims
- Latest: Condobloke
- 30 minutes ago
Linux Security
T
Post a screenshot of your Desktop
- Latest: The Duck
- Today at 9:57 PM
Desktop
After purchasing a laptop for Linux, before flipping the switch...
- Latest: Egzoset
- Today at 9:51 PM
Getting Started

Top