The vulnerability gives attackers the ability to send manipulated requests to vulnerable web servers or applications. For the attack to work, the affected system must receive a string and log the request with Log4j. An attacker can then take over a server completely by executing arbitrary code.
The vulnerability puts many services at risk
The problem does not only affect services written in Java. If certain Java libraries and dependencies are used, web applications implemented in another programming language may also be affected. According to the developer’s list, well-known services such as Apple iCloud, Steam, Twitter, many Amazon services, Minecraft, CloudFlare and Apache operating systems are also at risk.
Since Log4j is the most popular logging library, most Java programs are likely to be vulnerable. Log4j versions 2.0-beta9 to 2.14.1 are vulnerable. To test whether their own project is vulnerable, developers can fall back on this script.
The vulnerability is tracked as CVE-2021-44228 and has since been fixed. The developers worked on a patch and integrated it into the logging library with version 2.15. If you do not yet have the opportunity to incorporate the update into your program, you may need to temporarily disable Log4j’s JNDI functionality.
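As an added example (not the script the article links to, and not Apache code), the following inventory check walks a directory for `log4j-core` jars and flags those whose file name falls in the 2.0-beta9 to 2.14.1 range given above. It assumes the standard `log4j-core-<version>.jar` naming and that JNDI was disabled by deleting the `JndiLookup` class from the jar, which is one known method; the article does not say which method it means.

```python
import re
import zipfile
from pathlib import Path

# Range stated in the article: 2.0-beta9 through 2.14.1 are vulnerable; 2.15 has the fix.
# Versions become tuples (major, minor, patch, stage, stage number) so they compare in order.
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}   # pre-releases sort before the final release
FIRST_VULNERABLE = (2, 0, 0, STAGE["beta"], 9)      # 2.0-beta9
LAST_VULNERABLE = (2, 14, 1, STAGE[None], 0)        # 2.14.1
JAR_NAME = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
# Assumption: the class that implements JNDI lookups; absent if it was stripped as a mitigation.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def version_key(jar_name):
    """Return a sortable tuple for a log4j-core jar file name, or None if it is not one."""
    m = JAR_NAME.search(jar_name)
    if not m:
        return None
    major, minor, patch, stage, stage_num = m.groups()
    return (int(major), int(minor), int(patch or 0),
            STAGE[stage.lower() if stage else None], int(stage_num or 0))

def in_vulnerable_range(jar_name):
    """True if the file name carries a version from 2.0-beta9 up to and including 2.14.1."""
    key = version_key(jar_name)
    return key is not None and FIRST_VULNERABLE <= key <= LAST_VULNERABLE

def scan(root):
    """Yield (path, status) for every log4j-core jar found under root."""
    for jar in sorted(Path(root).rglob("log4j-core-*.jar")):
        if not in_vulnerable_range(jar.name):
            yield jar, "outside the affected range"
            continue
        try:
            with zipfile.ZipFile(jar) as zf:
                has_jndi = JNDI_CLASS in zf.namelist()
        except zipfile.BadZipFile:
            yield jar, "affected version, jar unreadable"
            continue
        yield jar, ("affected version, JndiLookup present" if has_jndi
                    else "affected version, JndiLookup class removed")

if __name__ == "__main__":
    import sys
    for path, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {status}")
```

The check relies on file names, so copies of Log4j that are renamed, shaded into another jar, or nested inside a fat jar or WAR are not found and need a content-based scan.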