HOW TO MITIGATE CVE-2021-45046- A NEW LOG4SHELL VULNERABILITY IN LOG4J LIBRARY
THESECMASTER
THESECMASTER
Security researchers disclosed a new vulnerability Log4j library. This vulnerability allows attackers to perform denial of service (DOS) attacks by crafting malicious input data using a JNDI Lookup pattern.
1. What Is JNDI?
2. Summary Of CVE-2021-45046- A New Log4Shell Vulnerability:
3. Log4j Versions Vulnerable To The CVE-2021-45046 Log4Shell Vulnerability:
4. Who Are Impacted By The CVE-2021-45046 Log4Shell Vulnerability?
5. How To Mitigate CVE-2021-45046- A New Log4Shell Vulnerability?
5. 1. Permanent Fix:
5. 2. Mitigation Actions:
Table of Contents
There are a couple of ways to mitigate CVE-2021-45046 (New Log4Shell Vulnerability) which is not fixed in CVE-2021-44228 Log4Shell Vulnerability.
1. Remove the JndiLookup class from the classpath: zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
2. Disable JNDI
Mitigation Actions:
Tumblr
Telegram
Medium
Twitter
LinkedIn
Facebook
FOLLOW US:
THESECMASTER