Seems to be quite a problem, although Java seems to be the attack vector & primarily affects servers.
https://www.techtimes.com/articles/2692 ... vices.html
Log4Shell Vulnerability
-
- Posts: 1394
- Joined: Sun Jul 12, 2020 2:38 am
- Location: S.E. Australia
- Has thanked: 212 times
- Been thanked: 614 times
Log4Shell Vulnerability
- 8Geee
- Posts: 376
- Joined: Wed Jul 29, 2020 10:52 pm
- Location: N.E. USA
- Has thanked: 17 times
- Been thanked: 54 times
Re: Log4Shell Vulnerability
hmmmm... can't get the website or the article to open. might be a me problem.
Money talks... no, it shouts, so that it doesn't have to hear common sense.
- Flash
- Moderator
- Posts: 907
- Joined: Tue Dec 03, 2019 3:13 pm
- Location: Arizona, U.S.
- Has thanked: 47 times
- Been thanked: 109 times
Re: Log4Shell Vulnerability
[2021.12.14] It’s serious:
The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username.
Threat advisory from Cisco. Cloudflare found it in the wild before it was disclosed. CISA is very concerned, saying that hundreds of millions of devices are likely affected.