Critical Log4j Vulnerability and Recommendations to Resolve it

Webinar – Mobile app pen testing: Understanding android apps and how to secure them

January 21, 2022

Why Is Gartner Talking About External Attack Surface Management (EASM)

February 9, 2022

January 24, 2022

What is Log4J?

Log4j is an open-source logging utility offered by Apache Software Foundation. This logging library is widely used by businesses in its application to record and store activity records. It records events, errors, and routine system operations and communicates the diagnosed messages about them to the system administrators and users. It is one of the most widely used

What is Log4j Vulnerability?

Log4j Vulnerability, also called Log4Shell is a situation where an attacker remotely executes ode in your application and steals all the data. This Vulnerability affects the servers, attackers can take over your systems, exploit the data, make changes or do whatever they want. This is the reason why so many businesses are worried about vulnerability.

Some of the key details of Log4j include:

Apache released a new version of Log4j 2.15.0 for Java 8 to address a remote code execution (RCE) vulnerability, CVE-2021-44228, on December 10, 2021.
Log4j 2.12.2 released for Java 7 and Log4j 2.16.0 for Java 8 to address an RCE vulnerability, CVE-2021-45046 on December 13, 2021.
On December 15, 2021, Log4j 1.x vulnerable to an attack, although at lower risk, when logging is configured with JMSAppender are impacted – CVE-2021-4104. It is recommended to upgrade to Log4j 2.x.
On December 17, 2021 Log4j 2.17.0 released for Java 8 users to address a denial-of-service (DOS) vulnerability – CVE-2021-45105.
On December 28, 2021, Apache released version 2.17.1 to address CVE-2021-44832.