DSA-5022-1 apache-log4j2 -- apache-log4j2ID: oval:org.secpod.oval:def:605707 | Date: (C)2021-12-16 (M)2023-11-10 |
Class: PATCH | Family: unix |
It was found that the fix to address CVE-2021-44228 in Apache Log4j, a Logging Framework for Java, was incomplete in certain non-default configurations. This could allow attackers with control over Thread Context Map input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup or a Thread Context Map pattern to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service attack.
Platform: |
Debian 10.x |
Debian 11.x |