QID 198626

Date Published: 2022-01-13

QID 198626: Ubuntu Security Notification for Apache Log4j 2 Vulnerabilities (USN-5222-1)

Apache Log4j 2 was vulnerable to a remote code execution (RCE) attack when configured to use a JDBC Appender with a JNDI LDAP data source URI.
Apache Log4j 2 did not protect against infinite recursion in lookup evaluation.

A remote attacker could possibly use this issue to cause a crash, leading to a denial of service.
A remote attacker could possibly use this issue to cause Apache Log4j 2 to crash, leading to a denial of service.

  • CVSS V3 rated as High - 6.6 severity.
  • CVSS V2 rated as High - 6 severity.
  • Solution
    Refer to Ubuntu security advisory USN-5222-1 for updates and patch information.
    Vendor References

    CVEs related to QID 198626

    Software Advisories
    Advisory ID Software Component Link
    USN-5222-1 Ubuntu Linux ubuntu.com/security/notices/USN-5222-1