Incomplete fix for CVE-2021-3100: Apache Log4j hotpatch package fails to fully address vulnerability

CVE-2022-0070 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE-2022-0070 is an incomplete fix for CVE-2021-3100. Starting with log4j-cve-2021-44228-hotpatch-1.1-16, the Apache Log4j hotpatch package explicitly mimics the Linux capabilities and cgroups of the target Java process that the hotpatch is applied to.
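
The property named in the description can be audited from `/proc`. The following is an added example, not code from the hotpatch package or from this advisory: it compares the capability sets and cgroup membership of a helper process against those of its target Java process. The function names, the sample data and the comparison rule (no extra capability bits, identical cgroup paths) are assumptions of the example.

```python
# Added example: audit whether a helper process is confined like its target.
# Inputs are the text of /proc/<pid>/status and /proc/<pid>/cgroup.
CAP_FIELDS = ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb")

def parse_caps(status_text):
    """Return {field: bitmask} for the capability lines of /proc/<pid>/status."""
    caps = {}
    for line in status_text.splitlines():
        name, _, value = line.partition(":")
        if name in CAP_FIELDS:
            caps[name] = int(value.strip(), 16)
    return caps

def parse_cgroups(cgroup_text):
    """Return {(hierarchy_id, controllers): path} from /proc/<pid>/cgroup."""
    groups = {}
    for line in cgroup_text.splitlines():
        if line.strip():
            hier, controllers, path = line.split(":", 2)
            groups[(hier, controllers)] = path
    return groups

def confinement_gaps(target_status, target_cgroup, helper_status, helper_cgroup):
    """List every way the helper exceeds or leaves the target's confinement."""
    findings = []
    t_caps, h_caps = parse_caps(target_status), parse_caps(helper_status)
    for field in CAP_FIELDS:
        extra = h_caps.get(field, 0) & ~t_caps.get(field, 0)
        if extra:
            findings.append(f"{field}: helper holds extra bits {extra:#x}")
    t_cg, h_cg = parse_cgroups(target_cgroup), parse_cgroups(helper_cgroup)
    for key in sorted(set(t_cg) | set(h_cg)):
        if t_cg.get(key) != h_cg.get(key):
            findings.append(f"cgroup {key[0]}:{key[1]}: helper {h_cg.get(key)!r}, target {t_cg.get(key)!r}")
    return findings

def make_status(name, prm):
    # Build constructed status text; real files carry many more fields.
    return (f"Name:\t{name}\nCapInh:\t0000000000000000\nCapPrm:\t{prm}\n"
            f"CapEff:\t{prm}\nCapBnd:\t{prm}\nCapAmb:\t0000000000000000\n")

# Constructed sample data, not captured from a real system.
TARGET = (make_status("java", "00000000a80425fb"), "0::/docker/0123abcd\n")
MATCHING_HELPER = (make_status("helper", "00000000a80425fb"), "0::/docker/0123abcd\n")
UNCONFINED_HELPER = (make_status("helper", "000001ffffffffff"), "0::/\n")

if __name__ == "__main__":
    for label, helper in (("matching", MATCHING_HELPER), ("unconfined", UNCONFINED_HELPER)):
        print(label, confinement_gaps(*TARGET, *helper))
```

On a live host, pass the contents of the two processes' `/proc/<pid>/status` and `/proc/<pid>/cgroup` files in place of the constructed samples.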