January 21, 2022

SEO, Wordpress Support & Insurance, Mortgage, Loans, Legal, Etc Blogs

Catastrophic Log4j Security Fail Threatens Enterprise Systems & Web Apps Worldwide via @sejournal, @mirandalmwrites

A serious code execution vulnerability in Log4j has security experts warning of potentially catastrophic consequences for enterprise organizations and web apps.

The vulnerability, listed as CVE-2021-44228 in the Apache Log4j Security Vulnerabilities log, enables remote attackers to take control of an affected system.

Log4j is an open-source Apache logging framework that developers use for recordkeeping within an application.

The exploit is dead simple. The attacker sends a malicious string that, when logged by Log4j, allows the attacker to load Java code on the server and take control.

Wired reports that attackers were using Minecraft’s chat function to exploit the vulnerability Friday afternoon.

The issue is so severe that the United States Cybersecurity & Infrastructure Security Agency released a notice December 10 that states, in part:

“CISA encourages users and administrators to review the Apache Log4j 2.15.0 Announcement and upgrade to Log4j 2.15.0 or apply the recommended mitigations immediately.”

The log referenced above classifies the severity of the issue as ‘Critical’ and describes it as:

“Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints.

An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.”
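
The affected range in the advisory and the upgrade target in the CISA notice can be turned into an inventory check. The following is an added example, not code from the article or from Apache; the sample paths are constructed, and limiting the check to log4j-core jars matched by file name is an assumption.

```python
import re

# Bounds taken from the advisory text quoted in the article.
LAST_AFFECTED = (2, 14, 1)  # "Apache Log4j2 <=2.14.1"
FIXED_IN = "2.15.0"         # release the CISA notice says to upgrade to

# Assumption: only log4j-core jars are checked, matched by file name.
# Copies repackaged inside other archives will not be found this way.
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-[A-Za-z0-9]+)?\.jar$"
)


def parse_version(path):
    """Return (major, minor, patch) for a log4j-core jar path, else None."""
    m = JAR_RE.search(path)
    if m is None:
        return None
    # A missing patch number (as in 2.0-beta9) is treated as 0.
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """Apply the quoted range as written; later releases are not modelled."""
    return version[0] == 2 and version <= LAST_AFFECTED


def audit(paths):
    """Return (path, version, affected) for every log4j-core jar found."""
    findings = []
    for path in paths:
        version = parse_version(path)
        if version is not None:
            findings.append((path, version, is_affected(version)))
    return findings


# Constructed sample inventory, e.g. the output of a file listing.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.15.0.jar",
    "/srv/legacy/WEB-INF/lib/log4j-core-2.0-beta9.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/opt/app/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for path, version, affected in audit(SAMPLE_PATHS):
        label = f"AFFECTED, upgrade to {FIXED_IN}" if affected else "ok"
        print(f"{path}: {'.'.join(map(str, version))} -> {label}")
```
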

Story developing.


Featured image: Shutterstock/solarseven
