CVE-2021-45046— Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-45046
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Apache Log4j2 Thread Context Message Pattern and Context Lookup Pattern vulnerable to a denial of service attack
Source: NVD (National Vulnerability Database)
Vulnerability Description
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) input data when the logging configuration uses a non-default Pattern Layout with either a Context Lookup (for example, $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc, or %MDC) to craft malicious input data using a JNDI Lookup pattern resulting in an information leak and remote code execution in some environments and local code execution in all environments. Log4j 2.16.0 (Java 8) and 2.12.2 (Java 7) fix this issue by removing support for message lookup patterns and disabling JNDI functionality by default.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
表达式语言语句中使用的特殊元素转义处理不恰当(表达式语言注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Apache Log4j 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Apache Log4j是美国阿帕奇(Apache)基金会的一款基于Java的开源日志记录工具。 Apache Log4j 2.15.0版本存在代码问题漏洞,该漏洞源于当日志配置使用非默认模式布局和上下文查找或线程上下文映射模式使用 JNDI 查找模式制作恶意输入数据,从而导致拒绝服务攻击。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Apache Software Foundation | Apache Log4j | Apache Log4j2 ~ 2.16.0 | - |
II. Public POCs for CVE-2021-45046
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | Windows Server Log4j Scanner - Powershell - CVE-2021-45046 and CVE-2021-44228 | https://github.com/X1pe0/Log4J-Scan-Win | POC Details |
| 2 | Log4j 2.15.0 Privilege Escalation -- CVE-2021-45046 | https://github.com/cckuailong/Log4j_CVE-2021-45046 | POC Details |
| 3 | Oh no another one | https://github.com/BobTheShoplifter/CVE-2021-45046-Info | POC Details |
| 4 | Replicating CVE-2021-45046 | https://github.com/tejas-nagchandi/CVE-2021-45046 | POC Details |
| 5 | None | https://github.com/pravin-pp/log4j2-CVE-2021-45046 | POC Details |
| 6 | Public testing data. Samples of log4j library versions to help log4j scanners / detectors improve their accuracy for detecting CVE-2021-45046 and CVE-2021-44228. TAG_TESTING, OWNER_KEN, DC_PUBLIC | https://github.com/mergebase/log4j-samples | POC Details |
| 7 | A simple script to remove Log4J JndiLookup.class from jars in a given directory, to temporarily protect from CVE-2021-45046 and CVE-2021-44228. | https://github.com/lukepasek/log4jjndilookupremove | POC Details |
| 8 | None | https://github.com/ludy-dev/cve-2021-45046 | POC Details |
| 9 | Log4j 漏洞本地检测脚本。 Scan all java processes on your host to check whether it's affected by log4j2 remote code execution vulnerability (CVE-2021-45046) | https://github.com/lijiejie/log4j2_vul_local_scanner | POC Details |
| 10 | Log4Shell(CVE-2021-45046) Sandbox Signature | https://github.com/CaptanMoss/Log4Shell-Sandbox-Signature | POC Details |
| 11 | None | https://github.com/shaily29-eng/CyberSecurity_CVE-2021-45046 | POC Details |
| 12 | Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-45046.yaml | POC Details |
| 13 | Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. | https://github.com/projectdiscovery/nuclei-templates/blob/main/dast/cves/2021/CVE-2021-45046.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-45046
请登录查看更多情报信息。
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032x_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
- https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
- https://logging.apache.org/log4j/2.x/security.htmlx_refsource_CONFIRM
- https://www.cve.org/CVERecord?id=CVE-2021-44228x_refsource_MISC
- https://www.oracle.com/security-alerts/alert-cve-2021-44228.htmlx_refsource_CONFIRM
- https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SIG7FZULMNK2XF6FZRU4VWYDQXNMUGAJ/vendor-advisoryx_refsource_FEDORA
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EOKPQGV24RRBBI4TBZUDQMM4MEH7MXCY/vendor-advisoryx_refsource_FEDORA
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisoryx_refsource_CISCO
- https://nvd.nist.gov/vuln/detail/CVE-2021-45046
Same Patch Batch · Apache Software Foundation · 2021-12-14 · 3 CVEs total
| CVE-2021-4104 | Deserialization of untrusted data in JMSAppender in Apache Log4j 1.2 | |
| CVE-2021-44549 | SMTPS server hostname not checked when making TLS connection to SMTPS server |
IV. Related Vulnerabilities
Same vendor: Apache Software Foundation
- CVE-2026-39816
Apache NiFi: Missing Execute Code Required Permission on Tin - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro - CVE-2026-25077
Apache CloudStack: Unauthenticated Command Injection in Dire - CVE-2025-69233
Apache CloudStack: Domain/account resources limits not honor - CVE-2025-66467
Apache CloudStack: MinIO policy remains intact on bucket del
Same weakness: CWE-917
- CVE-2026-41705
Spring AI MilvusVectorStore 注入漏洞影响 1.0.x-1.1.x - CVE-2026-41883
OmniFaces: EL injection via crafted resource name in wildcar - CVE-2026-42811
Apache Polaris: could broaden vended GCS credentials through - CVE-2026-40478
Improper neutralization of specific syntax patterns for unau - CVE-2026-40477
Improper restriction of the scope of accessible objects in T
V. Comments for CVE-2021-45046
No comments yet