Test ID:	1.3.6.1.4.1.25623.1.0.117850
Category:	Web application abuses
Title:	Elastic Logstash Multiple Log4j Vulnerabilities (Dec 2021)
Summary:	Elastic Logstash is prone to multiple vulnerabilities in the; Apache Log4j library.
Description:	Summary: Elastic Logstash is prone to multiple vulnerabilities in the Apache Log4j library. Vulnerability Insight: The following vulnerabilities exist: CVE-2021-45046: Denial of Service (DoS) and a possible remote code execution (RCE) in certain non-default configurations. CVE-2021-45105: Apache Log4j2 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. Vulnerability Impact: The vendor states that there is no impact in all currently supported versions with default configurations. To avoid unknown risks it is still recommended to apply the updates or workarounds provided by the vendor. Affected Software/OS: Elastic Logstash version 5.x through 7.x. Solution: Update to version 6.8.22, 7.16.2 or later. CVSS Score: 5.1 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-45046 https://security.gentoo.org/glsa/202310-16 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd DSA-5022 https://www.debian.org/security/2021/dsa-5022 FEDORA-2021-5c9d12a93e https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/ FEDORA-2021-abbe24e41c https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/ VU#930724 https://www.kb.cert.org/vuls/id/930724 [oss-security] 20211214 CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack http://www.openwall.com/lists/oss-security/2021/12/14/4 [oss-security] 20211215 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack http://www.openwall.com/lists/oss-security/2021/12/15/3 [oss-security] 20211218 Re: CVE-2021-45046: Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack http://www.openwall.com/lists/oss-security/2021/12/18/1 https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf https://logging.apache.org/log4j/2.x/security.html https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 https://www.cve.org/CVERecord?id=CVE-2021-44228 https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html https://www.oracle.com/security-alerts/alert-cve-2021-44228.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujul2022.html Common Vulnerability Exposure (CVE) ID: CVE-2021-45105 CERT/CC vulnerability note: VU#930724 Cisco Security Advisory: 20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021 https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf https://security.netapp.com/advisory/ntap-20211218-0001/ Debian Security Information: DSA-5024 (Google Search) https://www.debian.org/security/2021/dsa-5024 https://www.zerodayinitiative.com/advisories/ZDI-21-1541/ http://www.openwall.com/lists/oss-security/2021/12/19/1
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.