Info CVE-2021-44228 - Log4j RCE 0-day mitigation

USHost247

USHost247

Madly Diligent
Joined
Jul 8, 2009
Messages
8,102
Reaction score
1,036
FP$
5,440
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021, which results in remote code execution (RCE).

This vulnerability is actively being exploited and anyone using Log4j should update to version 2.15.0 as soon as possible. The latest version can already be found on the Log4j download page.

If updating to the latest version is not possible, customers can also mitigate exploit attempts by setting the system property "log4j2.formatMsgNoLookups" to “true”; or by removing the JndiLookup class from the classpath.
 
I had some local school admins reach out to me at my work place about this, seems pretty serious that I don't think our business is ready for. For my site, it stays patched up and shouldn't be affected.
 
Seems pretty serious, along with the other security update that is listed there. I know some people don't have root access by default, and would have to request a server update to get the patch.
 
You must log in or register to reply here.

About Us

Since 2007, Forum Promotion has specialized in providing advertising solutions to webmasters looking to promote their communities. We pride ourselves in being the bridge that connects forum administrators, bloggers, and more.

Sponsors

Affiliates

    Universal Gaming The Coffee House

Stay Connected

Back
Top Bottom