Second Log4j vulnerability CVE 2021-45046 discovered, patch already released


A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228.

The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations.”

“This could allow attackers… to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack,” the CVE description says.

Read more…
Source: ZDNet