log4jとはJava用のloggingライブラリだ。loggingライブラリというのはログとして記録すべき文字列を受け取り、それをどこかに出力するものだ。文字列の中身を通常のloggingライブラリは気にしない。 log4jが通常のloggingライブラリと違うのは、文字列の中身を見て、一部の文字列を変数とみなして置換することだ。これは…
CVE-2021-44228 – Log4j RCE 0-day mitigation
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE). This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest ver…
GitHub – YfryTchsGD/Log4jAttackSurface
Intro Log4j impact manufacturers and components summary from the Internet community. Welcome everyone to submit mr to perfect the possible influence surface. Affect the internet manufacturer Apple Tencent steam twitter Baidu DIDI JD NetEase CloudFlare Amazon Affect the components Apache Solr Apac…
Zeroday in ubiquitous Log4j tool poses a grave threat to the Internet
Minecraft is the first, but certainly not the last, app known to be affected.