DEBIAN-CVE-2021-45105
PUBLISHED
CVSS 5.9 MEDIUM
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Risk Scores
CVSS 3.1
5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | apache-log4j2 | 0, 0, 0 |
| Debian:13 | apache-log4j2 | 0, 0, 0 |
| Debian:11 | apache-log4j2 | 2.16.0-1, 2.16.0-1, 2.16.0-1 |
| Debian:14 | apache-log4j2 | 0, 0, 0 |
Exploit Intelligence
- Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) (github-poc-repo)
- A vulnerable Spring Boot application that uses log4j and is vulnerable to CVE-2021-44228, CVE-2021-44832, CVE-2021-45046 and CVE-2021-45105 (github-poc-repo)
- Fastest filesystem scanner for log4shell (CVE-2021-44228, CVE-2021-45046) and other vulnerable (CVE-2017-5645, CVE-2019-17571, CVE-2022-23305, CVE-2022-23307 ... ) instances of log4j library. Excellent performance and low memory footprint. (github-poc-repo)
- Discover and remediate Log4Shell vulnerability [CVE-2021-45105] (github-poc)
- dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105-1 (github-poc)
- dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105-v (github-poc)
- dileepdkumar/https-github.com-dileepdkumar-https-github.com-pravin-pp-log4j2-CVE-2021-45105 (github-poc)
- dileepdkumar/https-github.com-pravin-pp-log4j2-CVE-2021-45105 (github-poc)
- log4j2 DoS exploit, CVE-2021-45105 exploit, Denial of Service PoC (github-poc)
- Replicating CVE-2021-45105 (github-poc)
…and 6 more exploits
Timeline
- Dec 18, 2021 CVE Published
- Apr 28, 2026 CVE Updated