Home Page Faq Other Information Security Issues
Search By Category
Search By Keyword
Other Information Security Issues
Apache Log4j 漏洞警示

Apache Log4j is a Java logging tool. Due to the official confirmation of the previous vulnerability (CVE-2021-44228), the patch (version 2.15.0) has not completely patched the vulnerability (this vulnerability warning is NCCST released on 2021/12/13 -ANA-2021-0000612 alert), resulting in a security vulnerability in the updated Log4j (the new vulnerability number is CVE-2021-45046), attackers can use the vulnerability to remotely execute arbitrary programs by sending specially crafted JNDI lookup messages code or leak information


[Affects platforms using this mod:]
Apache Log4j 2.0-beta9 to 215.0 (inclusive), but not 2.12.2


[Suggested action:]
Currently, Apache Log4j official website has released an update program for this vulnerability, please confirm and update the version (Java 7 users update to Log4j 2.12.2, Java 8 users update to Log4j 2.16.0):
https://logging.apache.org/log4j/2.x/security.html


Hexiang Information has not adopted and used Apache Log4j related services, relevant supporting documents

HERHSIANG Firewall and Email Security Device Proof


Total
1

HERHSIANG Information Co., Ltd. (Uniform number: 13167798)

 88673494097  88673596785  service@herhsiang.com

 3F, No.5, Dinghe St., Sanmin District, Kaohsiung City Taiwan  

Business hours: Monday ~ Friday 8:30 ~ 12:00 / 13:30 ~ 1800 

(Except holidays and national holidays)
Copyright © 2002~2024