Collaborate Disseminate
It’s a Log4j bug, and you ought to patch it. But we don’t think it’s a critical crisis like the last one. Continue reading Log4Shell vulnerability Number Four: “Much ado about something”
First, thanks in advance and sorry if I’m asking some really silly thing, this is not my expertise 🙂
I have a webserver just for testing my things. Last week I checked if it was vulnerable to log4j CVE and it seemed only Jenkins was using… Continue reading successfull log4j exploitation, or just normal traffic?
Just curious who and how just added RCE into logging library and successfully merged this joke into master.
Is there any links or archives to original:
commit that added jndi
issue where someone asked for jndi support in log4j
pull reques… Continue reading Original Log4j commit that added jndi support into it [closed]
Recently, the log4j issue got a lot of attention. I run a chatbot web app that is not based on the JAVA stack. However, there is a backend component that analyzes the chatbot user input which is based on JAVA. I wonder to mitigate the log4… Continue reading Is removing the `${jndi:` string a mitigation of the log4j security issue?
/storage/emulated/0/Android/data/com.google.android.apps.maps/cache/diskcache/map_cache.db-wal
I don’t know what this is?
What is it
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency released Wednesday an advisory offering vendors and affected organizations a detailed guide on how to deal with potential risks to IT and cloud services posed by an exploit in Apache Log4j’s software library. “This joint CSA expands on the previously published guidance by detailing steps that vendors and organizations with IT and/or cloud assets should take to reduce the risk posed by these vulnerabilities,” the advisory states. The warning was issued alongside the FBI and National Security Agency and the security agencies of Five Eyes intelligence partners, Australia, Canada, New Zealand, the United Kingdom. “Log4j vulnerabilities present a severe and ongoing threat to organizations and governments around the world; we implore all entities to take immediate action to implement the latest mitigation guidance to protect their networks,” CISA Director Jen Easterly said in a statement. The alert follows previous guidance […]
The post CISA, Five Eyes issue guidance meant to slow Log4Shell attacks appeared first on CyberScoop.
Continue reading CISA, Five Eyes issue guidance meant to slow Log4Shell attacks
Software that has packaged a vulnerable version of the log4j library is considered vulnerable to CVE-2021-44228 or "log4shell". When I look at the NIST definition I can see that the vulnerable versions of log4j are listed, as wel… Continue reading Should vendors add their CPEs in the log4j NIST entry?
Software that has packaged a vulnerable version of the log4j library is considered vulnerable to CVE-2021-44228 or "log4shell". When I look at the NIST definition I can see that the vulnerable versions of log4j are listed, as wel… Continue reading Should vendors add their CPEs in the log4j NIST entry?
From an article for the new Log4j vulnerability, it reads here:
A researcher working for Chinese tech firm Alibaba discovered the bug and privately informed the Apache Software Foundation, an all-volunteer corporation that develops and ma… Continue reading Is my MySQL Server (run by php/apache) affected by the Log4j vulnerability?
From various sources i can see that an alibaba.com security engineer reported to the apache foundation on November 24th 2021. I also see some reports claiming the Minecraft server was the first known affected system.
Was the Minecraft expl… Continue reading When and how was log4shell discovered in public?