Security in development
😰 Log4J vulnerability in detail and the bigger picture
It’s a sad day for the Java community
CVE-2021-44228 is a very hot string of characters today. Search for it anywhere and you will find it: YouTube, blogs, news, podcasts, everywhere.
Why is it getting so much attention, you may ask? Let’s discuss.
Table of Contents
· 📍Issue
∘ 📎 Links
· ✅ Mitigation
∘ If you can redeploy quickly
∘ Other workaround from Apache
∘ Update December 13, 2021
∘ Update December 17, 2021 (CVE-2021-45105)
· 🗒 Details
∘ The source
∘ The reason
∘ Let’s see it in action
∘ More exploitations
∘ Conclusion
📍Issue
On December 9th, the Apache Foundation posted an article about a zero-day vulnerability in the Log4j Java library. In case you are not aware, Log4j is one of the most used libraries of all time in the Java community. For most organizations, it is the one and only logging library used in their production systems. The…