Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-45105
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
Apache Log4j2 does not always protect from infinite recursion in lookup evaluation
Source: NVD (National Vulnerability Database)
Vulnerability Description
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
输入验证不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Log4j 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4j2 2.0-alpha1到2.16.0版本(不包括2.12.3)存在安全漏洞,该漏洞源于自引用查找的不受控递归。攻击者可利用该漏洞在解释精心编制的字符串时导致拒绝服务。此问题已在2.17.0 和 2.12.3中修复。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
Apache Software FoundationApache Log4j2 log4j-core ~ 2.17.0 -
II. Public POCs for CVE-2021-45105
#POC DescriptionSource LinkShenlong Link
1Log4j_dos_CVE-2021-45105https://github.com/cckuailong/Log4j_dos_CVE-2021-45105POC Details
2Nonehttps://github.com/pravin-pp/log4j2-CVE-2021-45105POC Details
3Replicating CVE-2021-45105https://github.com/tejas-nagchandi/CVE-2021-45105POC Details
4log4j2 dos exploit,CVE-2021-45105 exploit,Denial of Service pochttps://github.com/iAmSOScArEd/log4j2_dos_exploitPOC Details
5Nonehttps://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105POC Details
6Nonehttps://github.com/dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105POC Details
7Nonehttps://github.com/dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105-vPOC Details
8Nonehttps://github.com/dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1POC Details
9Discover and remediate Log4Shell vulnerability [CVE-2021-45105]https://github.com/sakuraji-labs/log4j-remediationPOC Details
10Discover and remediate Log4Shell vulnerability [CVE-2021-45105]https://github.com/name/log4j-remediationPOC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-45105
Please Login to view more intelligence information
New Vulnerabilities
Product: Apache Log4j2
Vendor: Apache Software Foundation
Same weakness: CWE-20
V. Comments for CVE-2021-45105

No comments yet

Leave a comment