-
-
Notifications
You must be signed in to change notification settings - Fork 168
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
create blog post discussing follow up issues for cve
- Loading branch information
1 parent
3f604c2
commit da858ef
Showing
3 changed files
with
85 additions
and
1 deletion.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
docs/blog/2021-12-14-log4j-zero-day-update-on-CVE-2021-45046.mdx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,84 @@ | ||
| --- | ||
| title: "Log4Shell Update: Severity Upgraded 3.7 -> 9.0 for Second log4j Vulnerability (CVE-2021-45046)" | ||
| description: . | ||
| slug: log4j-zero-day-update-on-cve-2021-45046 | ||
| date: 2021-12-14 | ||
| image: https://www.lunasec.io/docs/img/log4shell-logo.png | ||
| keywords: [log4shell, log4j, log4j2, rce, java, zero-day, mitigation] | ||
| authors: | ||
| - name: Free Wortley | ||
| title: CEO at LunaSec | ||
| url: https://github.com/freeqaz | ||
| image_url: https://github.com/freeqaz.png | ||
| tags: [zero-day, security, data-security, data-breaches, guides] | ||
| - name: Chris Thompson | ||
| title: Developer at Lunasec | ||
| url: https://github.com/breadchris | ||
| image_url: https://github.com/breadchris.png | ||
| - name: Forrest Allison | ||
| title: Developer at LunaSec | ||
| url: https://github.com/factoidforrest | ||
| image_url: https://github.com/factoidforrest.png | ||
|
|
||
| --- | ||
| <!-- | ||
| ~ Copyright by LunaSec (owned by Refinery Labs, Inc) | ||
| ~ | ||
| ~ Licensed under the Creative Commons Attribution-ShareAlike 4.0 International | ||
| ~ (the "License"); you may not use this file except in compliance with the | ||
| ~ License. You may obtain a copy of the License at | ||
| ~ | ||
| ~ https://creativecommons.org/licenses/by-sa/4.0/legalcode | ||
| ~ | ||
| ~ See the License for the specific language governing permissions and | ||
| ~ limitations under the License. | ||
| ~ | ||
| --> | ||
|
|
||
|  | ||
|
|
||
| **Just trying to fix this? Please read our dedicated | ||
| [Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide).** | ||
|
|
||
| The Log4j team has previously released the version 2.15.0 to address the original Log4Shell vulnerability. The original | ||
| security page was updated to adjust the vulnerability CVE-2021-45046 severity from 3.7 to 9.0. | ||
|
|
||
| The Log4j 2.15.0 version was | ||
|
|
||
| <!--truncated--> | ||
|
|
||
|
|
||
|
|
||
| ## Stay Updated | ||
|
|
||
| Please follow us on [Twitter](https://twitter.com/LunaSecIO) or add yourself to our mailing list below, and we'll | ||
| update you when we publish new findings. | ||
|
|
||
| And if this post helped you, please share it with others to help them too. | ||
|
|
||
| import ContactForm from '../src/components/ContactForm.jsx' | ||
|
|
||
| <ContactForm/> | ||
|
|
||
| ## Additional Information | ||
|
|
||
| We have published a series of posts about Log4Shell on our blog that you might be interested in: | ||
| - **[Mitigation Guide](https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/)**, | ||
| - **[Original Log4Shell Announcement](https://www.lunasec.io/docs/blog/log4j-zero-day/)**, | ||
| - **[Part 1: Log4Shell Live Patch (Background Context)](https://www.lunasec.io/docs/blog/log4shell-live-patch/)**, | ||
| - **[Part 2: Log4Shell Live Patch (Technical Deep-Dive)](https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/)** | ||
|
|
||
| ### Limited Offer: Free Security Assistance | ||
|
|
||
| We're also currently offering a free 30-minute consultation with one of our Security Engineers. If you're interested, | ||
| please [book some time with us here](https://lunasec.youcanbook.me/). | ||
|
|
||
| ## Updates | ||
|
|
||
| :::info | ||
| We're continuously keeping this post up-to-date as new information comes out. If you have any questions, or you're | ||
| confused about our advice, please [file an Issue](https://github.com/lunasec-io/lunasec/issues) on GitHub. | ||
|
|
||
| If you would like to contribute, or notice any errors, this post is an Open Source Markdown file on | ||
| [GitHub](https://github.com/lunasec-io/lunasec/blob/master/docs/blog/2021-12-14-log4j-zero-day-update-on-CVE-2021-45046.mdx). | ||
| ::: |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.