Log4j is an open-source logging utility offered by the Apache Software Foundation. This logging library is widely used by businesses in their applications to record and store activity records. It records events, errors, and routine system operations and communicates diagnostic messages about them to system administrators and users. It is one of the most widely used
The Log4j vulnerability, also called Log4Shell, is a situation where an attacker remotely executes code in your application and steals all the data. This vulnerability affects servers: attackers can take over your systems, exploit the data, make changes, or do whatever they want. This is why so many businesses are worried about this vulnerability.
How to mitigate the Log4j Vulnerability?
You can try some of the following to mitigate this vulnerability:
com.sun.jndi.ldap.object.trustURLCodebase
com.sun.jndi.rmi.object.trustURLCodebase
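As an added example (not code from the original page), the following Python audit checks JVM command lines for the two properties listed above and reports whether each is enabled, explicitly disabled, or left to the JDK default. It assumes `false` is the hardened value, that the JVM treats any value other than a case-insensitive `true` as off, and that options after `-jar` never reach the JVM; the function names and sample command lines are constructed for illustration.

```python
import shlex

# The two JNDI system properties named above, spelled as the JVM expects them.
JNDI_PROPS = (
    "com.sun.jndi.ldap.object.trustURLCodebase",
    "com.sun.jndi.rmi.object.trustURLCodebase",
)


def jvm_system_properties(command_line):
    """Collect -Dname=value options that the JVM itself would see."""
    props = {}
    for token in shlex.split(command_line)[1:]:
        if token == "-jar":
            break  # everything after the jar is an application argument
        if token.startswith("-D") and len(token) > 2:
            name, _, value = token[2:].partition("=")
            props[name] = value  # assumption: a repeated -D overrides the earlier one
    return props


def audit(command_line):
    """Return ({property: 'enabled' | 'disabled' | 'unset'}, [misspelled names])."""
    props = jvm_system_properties(command_line)
    status = {}
    for name in JNDI_PROPS:
        if name not in props:
            status[name] = "unset"  # behaviour depends on the JDK default
        elif props[name].strip().lower() == "true":
            status[name] = "enabled"  # remote codebase loading switched on
        else:
            status[name] = "disabled"
    # Property names are case-sensitive, so a near-miss spelling sets nothing.
    wanted = {n.lower() for n in JNDI_PROPS}
    misspelled = sorted(n for n in props
                        if n not in JNDI_PROPS and n.lower() in wanted)
    return status, misspelled


# Constructed sample command lines (not taken from any real host).
SAMPLES = [
    "java -Dcom.sun.jndi.ldap.object.trustURLCodebase=false "
    "-Dcom.sun.jndi.rmi.object.trustURLCodebase=false -jar app.jar",
    "java -Dcom.sun.jndi.ldap.object.trustURLCodebase=TRUE -jar app.jar",
    "java -DCom.sun.jndi.rmi.object.trustURLCodebase=false -jar app.jar",
    "java -jar app.jar -Dcom.sun.jndi.ldap.object.trustURLCodebase=false",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit(line))
```

The last two samples show settings that look like a mitigation but have no effect: a wrongly capitalised property name and an option placed after `-jar`.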
Also, refer to our webinar on understanding and mitigating this vulnerability.