DEV Community

Amit Mishra
Amit Mishra

Posted on

Log4j Vulnerability

Summary of the Vulnerability

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache log4j 2 was recognized as being taken advantage of in nature. Public proof of concept (PoC) code was delivered and the resulting examination uncovered that double-dealing was unbelievably simple to perform. By presenting a uniquely created solicitation to a weak framework, contingent upon how the framework is designed, an aggressor can teach that framework to download and consequently execute a malicious payload. Because of the disclosure of this adventure being so later, there are as yet numerous servers, both on-premises and inside cloud conditions, that presently can't seem to be fixed. In the same way, as other high seriousness RCE takes advantage of, hitherto, enormous checking movement for CVE-2021-44228 has started on the web with the aim of searching out and taking advantage of unpatched frameworks. We enthusiastically prescribe that associations move up to the most recent rendition (2.16.0) of Apache log4j 2 for all frameworks. This form additionally fixes the less extreme vulnerability CVE-2021-45046, found on Dec. 14.

Well explained article on the log4j2 vulnerability.

Log4j2 vulnerability

Still the team looking into and trying to root cause of this.

Top comments (0)