Log4Shell ( CVE-2021-44228) was a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The Log4j exploit began as a single vulnerability, but it became a series of issues involving Log4j and the Java Naming and Directory Interface (JNDI) interface, which is the root cause of the exploit. Log4j didn't get much attention until December 2021, when a series of critical vulnerabilities were publicly disclosed.On the other hand, it’s an open-source package. Log4j is written in Java, which means it doesn’t intrinsically have protections like DEP and ASLR. Log4Shell, a critical security flaw in Log4j, an open source logging software used in everything.
Logj4 The Log4j vulnerability-first reported on Friday- is turning out to be a cybersecurity nightmare that likely impacts a wide range of products from Apple’s iCloud to Twitter to Microsoft’ Minecraft and a number of other enterprise products.
0 kommentar(er)
