The popular Apache Log4j logging library has a severe zero-day vulnerability. Attackers can abuse it to run malicious code on a computer.
Systems that use Apache Log4j for logging are at risk from this zero-day. That is according to security analysts at LunaSec, who call the vulnerability Log4Shell. Officially it goes by CVE-2021-44228.
Taking over the server
The vulnerability allows an attacker to execute code remotely without authorization. In practice, this means an attacker can take over an entire server. Apache Log4j versions 2.0 through 2.14.1 are affected. Because the library is so popular, many services are affected. The bug was first discovered in the game Minecraft, but it also affects cloud applications. CERT New Zealand warns that the bug is already being actively exploited in the wild.
Fortunately, a simple upgrade to Log4j 2.15.0-rc1 can avoid the risk. You can also reduce the risk by setting log4j2.formatMsgNoLookups to true, which is done by extending the JVM command that starts the application with -Dlog4j2.formatMsgNoLookups=true. This can have an impact on the process. It is recommended that action be taken in any case, as criminals are already taking advantage of the problem.
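To find where the affected versions are deployed before upgrading, the following added example (not part of the original article) walks a directory tree and reports log4j-core jars in the 2.0 to 2.14.1 range, including copies bundled inside jar, war and ear archives. The function names, the archive extensions and the nesting limit are assumptions made for this sketch.

```python
import io
import os
import re
import sys
import zipfile

# Range stated in the article: Log4j 2.0 through 2.14.1 is affected.
FIRST_AFFECTED, LAST_AFFECTED = (2, 0, 0), (2, 14, 1)
JAR_NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")
MAX_DEPTH = 3  # assumption: stop unpacking after three levels of nesting

def is_affected(name):
    """True/False for a log4j-core jar name, None for any other file."""
    m = JAR_NAME.search(name)
    if not m:
        return None
    version = tuple(int(part or 0) for part in m.groups())
    return FIRST_AFFECTED <= version <= LAST_AFFECTED

def scan_archive(data, label, findings, depth=1):
    """Find log4j-core jars bundled inside a jar/war/ear (fat jars)."""
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            inner = f"{label}!/{entry}"
            if is_affected(entry):
                findings.append(inner)
            if entry.lower().endswith(ARCHIVES):
                scan_archive(zf.read(entry), inner, findings, depth + 1)

def scan_tree(root):
    """Return sorted locations of affected log4j-core jars under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if is_affected(name):
                findings.append(path)
            if name.lower().endswith(ARCHIVES):
                try:
                    with open(path, "rb") as fh:
                        scan_archive(fh.read(), path, findings)
                except (OSError, zipfile.BadZipFile):
                    continue  # unreadable or corrupt archive: skip it
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")))
```

Matching on file names misses renamed or repackaged copies of the library, so an empty result is not proof that a host is clean. The range check follows the article's stated range only; confirm it against the current Apache advisory before acting on the output.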