[image] 0x0021h @0x0021h Apache Log4j 2.x <= 2.14.1 RCE Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc. are all affected github.com/0x0021h/apache… #vulnerabilities #cybersecurity #infosec #BugBountyTip #BugBounty 1:44 AM - 10 Dec 2021 …

Zero-day-exploit in log4j2 which is part of elasticsearch

leandrojmp (Leandro Pereira) December 10, 2021, 3:54pm 3

I think this affect almost every version, 7.16.0, which was released this week, uses log4j-core-2.11.1.jar and log4j-api-2.11.1.jar.

One way of mitigation is to use the following line in the jvm.options file.

-Dlog4j2.formatMsgNoLookups=true

5 Likes

Topic		Replies	Views
Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31 Security Announcements	7	352097	November 4, 2022
CVE-2021-44228 aka log4shell is logstash and/or elasticsearch affected? Logstash	15	13894	January 12, 2022
About fix log4j2 vulnerabilities, use the parameter -Dlog4j2.formatMsgNoLookups=true Elasticsearch	2	1918	March 23, 2023
Regarding log4j vulnerability Elasticsearch docker	5	6520	February 2, 2022
Elasticsearch 5.0.0-5.6.10 and 6.0.0-6.3.2: Log4j CVE-2021-44228, CVE-2021-45046 remediation Security Announcements	1	33097	November 4, 2022