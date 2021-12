As many infosec practitioners are well aware by now, a critical vulnerability (CVE-2021- 44228) was disclosed late last week on 12/9/21 within the Apache Log4j 2 Java logging library. This vulnerability is classified as severe and allows for unauthenticated remote code execution (RCE.) Adding insult to injury, the level of skill required to exploit this vulnerability is very low. All one has to do is send a malicious code string payload to a vulnerable target and game over. From there, the attacker can load arbitrary code on a remote server, allowing them to take control of the vulnerable target workload. This is bad, to say the least.

SOFTWARE ・ 4 DAYS AGO