Tag: CVE-2021-44228

AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION

Posted on By topbento No Comments on AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION
Cloud, News, Vulnerability

AWS released several hot patches to mitigate vulnerability to log4shell. Unfortunately Unit 42 at Palo Alto identified several severe vulnerabilities with their fixes, including container escape which is pretty much the holy grail of a cloud vulnerability. If you are not familiar, cloud infrastructure works by having a lot of hardware that is effectively “shared” … Read More “AWS Log4Shell PATCH VULNERABLE TO CONTAINER ESCAPE AND PRIV ESCALATION” »

SEVERITY UPGRADE for Log4Shell CVE-2021-45046

Posted on By topbento No Comments on SEVERITY UPGRADE for Log4Shell CVE-2021-45046
News, Vulnerability

Log4j appears to be the gift that keeps on giving. The severity score for the second Log4j vulnerability, CVE-2021-45046, has been upgraded from a CVSS score of 3.7 to 9.0. The fix for the original CVE-2021-44228 in Apache Log4j has been found to be incomplete allowing for Remote Code Execution in certain configurations. LunaSec blog … Read More “SEVERITY UPGRADE for Log4Shell CVE-2021-45046” »