(Updated December 28, 2021) Organizations are urged to upgrade to Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), and review and monitor the Apache …Log4j 2 is a commonly used open source third party Java logging library used in software applications and services.
The end result: Log4j will interpret a log message as a URL, go and fetch it, and even execute any executable payload it contains with the full privileges of the main program.On the other hand, it’s an open-source package. Log4j is written in Java, which means it doesn’t intrinsically have protections like DEP and ASLR. Log4Shell was given a 10/10 critical rating and is tracked as CVE-2021-44228. First disclosed on 9 December 2021, the zero-day vulnerability in the ubiquitous Java logger Log4j 2, known as Log4Shell, sent shockwaves throughout the information security industry as businesses and other organisations scrambled to patch the much-feared flaw.
0 kommentar(er)
