Critical vulnerability in Apache Log4j library

by midwxst - 11 December, 2021 - 08:44 PM
#2 - H0Tx (Registered; 27 posts, 10 threads, 2 years of service)
(This post was last modified: 18 December, 2021 - 04:16 PM by H0Tx.)
https://thehackernews.com/2021/12/extrem...ility.html

"The Apache Software Foundation has released fixes to contain an actively exploited zero-day vulnerability affecting the widely-used Apache Log4j Java-based logging library that could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems.

Tracked as CVE-2021-44228 and by the monikers Log4Shell or LogJam, the issue concerns a case of unauthenticated, remote code execution (RCE) on any application that uses the open-source utility and affects versions Log4j 2.0-beta9 up to 2.14.1. The bug has scored a perfect 10 on 10 in the CVSS rating system, indicative of the severity of the issue.

"An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled," the Apache Foundation said in an advisory. "From Log4j 2.15.0, this behavior has been disabled by default.""


For those interested in how to exploit it:

Medium article:
https://medium.com/geekculture/log4shell...2352612ca6

https://github.com/0x0021h/apache-log4j-rce
https://github.com/YfryTchsGD/Log4jAttackSurface
https://github.com/HyCraftHD/Log4J-RCE-Proof-Of-Concept
