An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Log4j is a popular Java-based logging library and is part of Apache Logging Services. This is a remote code execution vulnerability in Log4j that is triggered when a specially crafted string is passed to the logger service.

- 6th December 2021: Apache Log4j released version 2.15.0, patching the Log4j vulnerability
- 9th December 2021: PoC for RCE in Log4j was published on GitHub and was made public on Twitter
- 11th December 2021: Khonsari ransomware found in the wild exploiting the Log4j vulnerability
- 13th December 2021: Apache Log4j released version 2.16.0 to fix the vulnerability completely by disabling lookups via JNDI (Java Naming and Directory Interface)

On December 9th, 2021, a critical vulnerability in the Java-based logging package “Log4j” was disclosed and rated a CVSS score of 10.0 with the ID CVE-2021-44228.
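For triage, the two releases in the timeline above give a simple way to sort an inventory of JAR files. The script below is an added example, not code from the original post: the file listing is constructed, the status names are hypothetical, and it assumes the 2.x library ships as log4j-core-<version>.jar and that only the mainline releases named above are in scope.

```python
import re

# Releases named in the timeline above.
FIRST_PATCHED = (2, 15, 0)   # release that patched CVE-2021-44228
JNDI_DISABLED = (2, 16, 0)   # release that disabled lookups via JNDI

# Assumption: Log4j 2.x core is packaged as log4j-core-<version>.jar.
# Qualifiers such as "-beta9" are matched but ignored for comparison.
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:[-.][A-Za-z0-9]+)*\.jar$")

def parse_version(path):
    """Return (major, minor, patch) for a log4j-core JAR path, else None."""
    m = JAR_RE.search(path)
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(path):
    """Map a JAR path to a triage status based on the two releases above."""
    version = parse_version(path)
    if version is None:
        return "not-log4j-core"            # e.g. log4j-api or Log4j 1.x JARs
    if version < FIRST_PATCHED:
        return "predates-2.15.0"           # upgrade first
    if version < JNDI_DISABLED:
        return "patched-jndi-still-enabled"
    return "jndi-lookups-disabled"

def triage(listing):
    """Group every non-empty line of a file listing by triage status."""
    report = {}
    for line in listing.splitlines():
        path = line.strip()
        if path:
            report.setdefault(classify(path), []).append(path)
    return report

# Constructed sample listing (for instance, the output of a `find` for *.jar).
SAMPLE_LISTING = """\
/opt/app/lib/log4j-core-2.14.1.jar
/opt/app/lib/log4j-api-2.14.1.jar
/srv/search/lib/log4j-core-2.0-beta9.jar
/srv/billing/WEB-INF/lib/log4j-core-2.15.0.jar
/srv/portal/lib/log4j-core-2.16.0.jar
/srv/legacy/lib/log4j-1.2.17.jar
"""

if __name__ == "__main__":
    for status, paths in sorted(triage(SAMPLE_LISTING).items()):
        print(status)
        for p in paths:
            print("   ", p)
```

Filename matching misses copies of the library that have been repackaged inside other archives, so a clean result here does not by itself clear a host.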