Willkommen bei johann.loefflmann.net
the most interesting computer science is under the surface
In December 2021, a zero-day remote code execution vulnerability (CVE-2021-442281, Base Score 10.0) was found in Apache Log4j, a widely used Java logging library. The vulnerability was publicly disclosed via GitHub on Dec 9, 2021. The vulnerability allows attackers to take full control of systems without authentication. The vulnerability is also known as "log4shell". Many recommendations out there suggest the user to find the filenames by typing the GNU/Linux command find / -iname "*log4j*" or to find live
CVE-2021-44832 tells us that the issue has been fixed in Log4j 2.17.1 (for Java 8), 2.12.4 (for Java 7) and 2.3.2 (for Java 6). See also https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 In other words all other older releases are vulnerable.
Willkommen bei johann.loefflmann.net