Log4j / Log4Shell
One month into the Log4j vulnerability, we take a look at the 3 CVEs and their fixes, known exploits being observed in the wild, and a way forward in dealing with the ubiquitous and targeted Java library.
January 7, 2022
Amid the focus on Log4j while patching CVE-2021-44228, a JNDI injection RCE vulnerability, Apache has released 2.16.0, which disables JNDI by default and removes support for Message lookups in order to fix a newly discovered denial-of-service vulnerability.
December 14, 2021
Updates and recommended guidance for identifying vulnerable servers and mitigating exploit attempts.
December 13, 2021
A high-severity zero-day has been uncovered in Apache Log4j which could allow a log injection RCE exploit.
December 10, 2021