HOW TO MITIGATE CVE-2021-45046- A NEW LOG4SHELL VULNERABILITY IN LOG4J LIBRARY

THESECMASTER

THESECMASTER

Security researchers disclosed a new vulnerability Log4j library. This vulnerability allows attackers to perform denial of service (DOS) attacks by crafting malicious input data using a JNDI Lookup pattern.

1. What Is JNDI?
2. Summary Of CVE-2021-45046- A New Log4Shell Vulnerability:
3. Log4j Versions Vulnerable To The CVE-2021-45046 Log4Shell Vulnerability:
4. Who Are Impacted By The CVE-2021-45046 Log4Shell Vulnerability?
5. How To Mitigate CVE-2021-45046- A New Log4Shell Vulnerability?
5. 1. Permanent Fix:
5. 2. Mitigation Actions:

Table of Contents

THESECMASTER

There are a couple of ways to mitigate CVE-2021-45046 (New Log4Shell Vulnerability) which is not fixed in CVE-2021-44228 Log4Shell Vulnerability.

1. Remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

2. Disable JNDI

Mitigation Actions:

Tumblr

Telegram

Medium

Twitter

LinkedIn

Facebook

FOLLOW US:

THESECMASTER