| Title | Zeroday Exploit in Apache Log4j |
|---|
| Description | A few hours ago, a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution (RCE) by logging a certain string.
Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe.
The 0-day was tweeted along with a POC posted on GitHub. Since this vulnerability is still very new, there isn't a CVE to track it yet.
This post provides resources to help you understand the vulnerability and how to mitigate it for yourself.
Source:
https://www.lunasec.io/docs/blog/log4j-zero-day/
https://twitter.com/P0rZ9/status/1468949890571337731
https://github.com/tangxiaofeng7/apache-log4j-poc |
|---|
| Source | ⚠️ https://www.lunasec.io/docs/blog/log4j-zero-day/ |
|---|
| User | CSieberg (UID 13359) |
|---|
| Submission | 10/12/2021 09:09 AM (5 years ago) |
|---|
| Moderation | 10/12/2021 09:14 AM (5 minutes later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 187925 [Apache log4j up to 2.14.1 JNDI LDAP Server Lookup Log4Shell/LogJam privilege escalation] |
|---|
| Points | 20 |
|---|