If you're running a service that relies on Apache Struts or uses the popular Apache Log4j utility, we hope you haven't made plans for the weekend.

An exploit listed as CVE-2021-44228 was made public on December 9, 2021. The exploit is simple, easy to trigger, and can be used to perform remote code execution (RCE) in vulnerable systems, which could allow an attacker to gain full control of them. All an attacker has to do is get the affected app to log a special string. For that reason, researchers have dubbed the vulnerability "Log4Shell".

The vulnerability has a CVSS score of 10.0 out of a possible 10. It impacts Apache Log4j versions 2.0-beta9 to 2.14.1. Mitigations are available for version 2.10 and higher.

Log4j is an open source logging library written in Java that was developed by the Apache Software Foundation. Millions of applications use it, and some of them are enormously popular, such as iCloud, Steam, and Minecraft, so the potential reach of this problem is enormous.

A logger is a piece of software that keeps a record of what's happened on some part of a computer system.
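The version boundaries the article gives (impacted from 2.0-beta9 to 2.14.1, mitigations from 2.10) can be turned into an inventory triage check, including the pre-release ordering that a naive string comparison gets wrong. This is an added example, not code from the original article or from the Apache project; the `log4j-core-<version>.jar` file-name convention, the function names, the verdict labels and the sample paths are assumptions made for illustration.

```python
import re

# Range boundaries exactly as the article states them.
FIRST_AFFECTED, LAST_AFFECTED, MITIGATION_FROM = "2.0-beta9", "2.14.1", "2.10"

# Assumption: artifacts follow the Maven naming log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
VER_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?")
STAGE = {"alpha": 0, "beta": 1, "rc": 2}

def version_key(version):
    """Sortable key; pre-releases (alpha < beta < rc) sort before the final release."""
    m = VER_RE.fullmatch(version.lower())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so "2.10" compares equal to "2.10.0"
    pre = (STAGE[m.group(2)], int(m.group(3))) if m.group(2) else (3, 0)
    return tuple(nums), pre

def classify(version):
    """Place one version against the ranges quoted in the article."""
    key = version_key(version)
    if not version_key(FIRST_AFFECTED) <= key <= version_key(LAST_AFFECTED):
        return "outside-listed-range"
    if key >= version_key(MITIGATION_FROM):
        return "affected-mitigation-available"
    return "affected-no-mitigation-listed"

def triage(paths):
    """Classify every log4j-core jar in an inventory; other files are skipped."""
    hits = ((p, JAR_RE.search(p)) for p in paths)
    return {p: classify(m.group(1)) for p, m in hits if m}

# Constructed sample inventory, not taken from any real host.
SAMPLE = [
    "/opt/app/lib/log4j-core-2.0-beta8.jar",
    "/opt/app/lib/log4j-core-2.0-beta9.jar",
    "/srv/svc/WEB-INF/lib/log4j-core-2.9.1.jar",
    "/srv/svc/WEB-INF/lib/log4j-core-2.10.0.jar",
    "/srv/old/log4j-core-2.14.1.jar",
    "/srv/new/log4j-core-2.15.0.jar",
    "/srv/new/commons-lang3-3.12.0.jar",
]

if __name__ == "__main__":
    print("\n".join(f"{v:32} {p}" for p, v in triage(SAMPLE).items()))
```

A verdict of `outside-listed-range` only means the version falls outside the range this article quotes; it says nothing about other advisories.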