News

Severe vulnerability in Apache Log4j 2 could affect thousands of organizations

By admin
Spread the love

A serious vulnerability has been found in the widely used Log4j 2 tool, which is used for logging Java applications. The NCSC expects exploit code and abuse in the short term, which could affect thousands of organizations.

The vulnerability in the Apache Log4j 2 open source tool allows an unauthenticated person to remotely inject and execute arbitrary code with the permissions of the affected Java application. The Java logging tool is used by many organizations for cloud services and enterprise apps, among other things. Default configurations of Apache projects Apache Struts2, Solr, Druid, and Flink are vulnerable due to the Log4j 2 issue.

The vulnerability has been designated CVE-2021-44228 and is also known as Log4Shell or LogJam. According to the NCSC, proof-of-concept code has now been published for this vulnerability and the organization expects that exploit code and abuse will be released in the short term. According to New Zealand’s Computer Emergency Response Team, it is already being actively exploited.

Versions from Log4j 2.0-beta9 through 2.14.1 are vulnerable. Apache has released updates to fix the vulnerability and version 2.15.0 has resolved the issue. Source code patches are available from the Log4j project’s Github page. As a workaround, administrators can set the directive ‘log4j2.formatMsgNoLookups’ to ‘true’ by adding ‐Dlog4j2.formatMsgNoLookups=True” to the JVM command that launches the tool.

You might also like
News

Android 14 beta brings support for a desktop mode

News

Good news for TSMC: its 3nm node will take flight in 2024 thanks to the push of these…

News

The most boring technology of the 21st century: Intel has only grown 5% since 2000

News

Google Password Manager can start sharing passwords with partners or children

News

PlayStation 5 beta update improves audio from DualSense controller

News

Rumor: Android 15 puts apps in ‘edge-to-edge’ mode by default