The Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.1-13 didn’t mimic the permissions of the JVM being patched, allowing it to escalate privileges.
References
Link | Resource |
---|---|
https://alas.aws.amazon.com/AL2/ALAS-2021-1732.html | Vendor Advisory |
https://alas.aws.amazon.com/ALAS-2021-1554.html | Vendor Advisory |
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: palo_alto
Published: 2022-04-19T00:00:00
Updated: 2022-05-11T16:30:21
Reserved: 2021-01-07T00:00:00
Link: CVE-2021-3100
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-04-19T23:15:13.020
Modified: 2022-10-06T16:08:27.933
Link: CVE-2021-3100
JSON object: View
Redhat Information
No data.