Another vulnerability has been discovered in Log4j, and the Apache Foundation has therefore released another patch. Log4j version 2.17.1 should again fix remote code execution.
The newly found vulnerability, CVE-2021-44832, is present in Log4j version 2.17.0. It allows attackers who have permission to modify the logging configuration file to set up a malicious configuration for remote code execution.
The vulnerability affects all versions, including the recent ones, from Log4j 2.0-alpha to 2.17.0. Only versions 2.3.2 and 2.12.4 are not affected.
The patch closes the vulnerability by, among other things, limiting JNDI data source names to the java protocol in Log4j 2.17.1 and the previous patches. This also applies to version 2.12.4 for Java 8 and 2.3.2 for Java 6.
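The restriction described above can also be checked from the defender's side by auditing the configuration file itself. The following is an added example, not code from the article or from the Log4j project; it assumes the names in question are configured in the `jndiName` attribute of a JDBC Appender's `DataSource` element, and the sample configuration and function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample log4j2.xml (not from the article); hostnames are placeholders.
SAMPLE_CONFIG = """\
<Configuration status="warn">
  <Appenders>
    <JDBC name="auditDb" tableName="app_log">
      <DataSource jndiName="java:/comp/env/jdbc/LoggingDataSource"/>
      <Column name="message" pattern="%m"/>
    </JDBC>
    <jdbc name="remoteDb" tableName="app_log">
      <DataSource JndiName="ldap://directory.example.invalid/cn=ds"/>
    </jdbc>
    <JDBC name="envDb" tableName="app_log">
      <DataSource jndiName="${env:LOG_DS}"/>
    </JDBC>
  </Appenders>
</Configuration>
"""


def _local(tag):
    """Element name without namespace, lower-cased (Log4j names are case-insensitive)."""
    return tag.rsplit("}", 1)[-1].lower()


def classify(jndi_name):
    """'ok' for java: names, 'unresolved' for lookups, otherwise 'violation'."""
    value = jndi_name.strip().lower()
    if value.startswith("java:"):
        return "ok"
    if "${" in value:
        return "unresolved"  # substituted at runtime; needs manual review
    return "violation"


def audit_jndi_names(xml_text):
    """Return (appender name, jndiName, verdict) for every JDBC appender DataSource."""
    findings = []
    for appender in ET.fromstring(xml_text).iter():
        if _local(appender.tag) != "jdbc":
            continue
        attrs = {k.lower(): v for k, v in appender.attrib.items()}
        for node in appender.iter():
            if _local(node.tag) != "datasource":
                continue
            ds = {k.lower(): v for k, v in node.attrib.items()}
            name = ds.get("jndiname", "")
            findings.append((attrs.get("name", "?"), name, classify(name)))
    return findings
```

A `violation` or `unresolved` verdict on a system that still runs an affected version is a reason to review who can write to that configuration file.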
Researchers identified the vulnerability using standard static code analysis tools combined with manual investigation. According to experts, the vulnerability is not as serious as it seems, but the patches must still be applied. They expect more Log4j vulnerabilities to come to light in the near future. These will, of course, also have to be patched.