A major security breach puts many servers on the Internet at risk

Computer security experts warned of significant software vulnerabilities on Friday, November 10th Puts a large number of servers at risk (Computers providing services and websites).

Known as “Log4Shell”, this security flaw applies to many versions of Apache, one of the key software used to run servers. More specifically, the vulnerability was detected by Log4j, a library that uses the Java language to record information on the server, such as error reports or link data. Many experts have found that you can send a link to a web page to the server and read the contents of that page in the bookstore. If this page contains code in Java, it can be executed on the server.

Vulnerabilities that allow the remote computer code to work on the computer (Remote code implementation), Such as Log4Shell are particularly vulnerable because they may allow an attacker to access a server.

Update published

According to Special site Sleeping Computer, Vulnerability was discovered on November 24 by Chen Jajun, an expert for the Chinese company Alibaba, and reported to Apache. A correction Published by the company, But it is the responsibility of the server owners to use this update to prevent the attacker from exploiting this vulnerability. Warning also sounded by CERT (to Computer Emergency Response Team, Monitoring centers responsible for real-time monitoring of threats and software vulnerabilities) in many countries, Including France.

An accurate list of vulnerable services is not yet established, but servers used by iCloud, Apple’s online hosting service, as well as the Steam video game store and the ever-popular game. Minecraft Can worry. Mojang, editor Minecraft, Has already issued an alert on its site and is inviting all server owners Make updates.