Apache Log4J vulnerability
15 Dec 2021

Update: Oracle's workaround to mitigate the Log4j vulnerability is not reliable

 

According to the latest update from Oracle, the previously communicated workaround to mitigate the Log4j vulnerability is NOT working properly. Oracle is still working under high pressure to find a solution to this problem. We are in constant contact with Oracle and will inform you about any developments in our news.

Statement from Oracle:

"A new CVE-2021-45046 was released, affecting org.apache.logging.log4j:log4j-core package, versions prior to 2.16.0.
The new CVE identified:

  • The fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations
  • The previous workaround, involving the addition of "-Dlog4j2.formatMsgNoLookups=true" JVM parameter, does NOT mitigate this specific vulnerability."
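
A defender's check that follows from the statement above, as an added example (not Oracle's or proadvise's code): it reads the log4j-core version from a JAR's Maven metadata and treats the `-Dlog4j2.formatMsgNoLookups=true` flag as insufficient for anything prior to 2.16.0. The function names and the in-memory sample JARs are constructed for illustration; the 2.16.0 threshold is the one given in the statement.

```python
import io
import re
import zipfile

# Maven metadata file shipped inside log4j-core JARs.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 16, 0)  # threshold from the statement: "versions prior to 2.16.0"
FLAG = "-Dlog4j2.formatMsgNoLookups=true"  # workaround named in the statement


def core_version(jar):
    """Return the log4j-core version as a tuple, or None if the JAR has none."""
    with zipfile.ZipFile(jar) as zf:
        if POM not in zf.namelist():
            return None
        props = zf.read(POM).decode("utf-8", "replace")
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", props, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def assess(jar, jvm_args):
    """Classify one JAR given the JVM arguments of the process that loads it."""
    ver = core_version(jar)
    if ver is None:
        return "no log4j-core found"
    if ver >= FIXED:
        return "ok"
    if FLAG in jvm_args:
        # The flag does not mitigate CVE-2021-45046, so it must not count as a fix.
        return "affected: flag set but insufficient, upgrade"
    return "affected: upgrade"


def make_jar(version):
    """Constructed sample: in-memory JAR; version=None means no log4j-core."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version is not None:
            zf.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for v, args in [("2.14.1", []), ("2.15.0", [FLAG]), ("2.16.0", []), (None, [])]:
        print(v, args, "->", assess(make_jar(v), args))
```

Nested JARs (inside a WAR or fat JAR) are not unpacked here, and shaded copies may lack the metadata file, so a clean result for one archive does not clear the whole deployment.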

Note: For an overview of possibly affected vendors, click here:

proadvise GmbH
Brühlweg 4
73663 Berglen
