Conversation

Notices

1. GeniusMusing (geniusmusing@nu.federati.net)'s status on Friday, 10-Dec-2021 19:16:59 EST GeniusMusing
   New Zero-Day In the Log4j Java Library Is Already Being Exploited Slashdot
   https://nu.federati.net/url/283919
   
   >A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. ZDNet reports:
   >Tracked as CVE-2021-44228, the vulnerability is classed as severe and allows unauthenticated remote code execution as the user running the application utilizes the Java logging library. CERT New Zealand warns that it's already being exploited in the wild. CISA has urged users and administrators to apply the recommended mitigations "immediately" in order to address the critical vulnerabilities. Systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.14.1 are all affected, including many services and applications written in Java. The vulnerability was first discovered in Minecraft but researchers warn that cloud applications are also vulnerable. It's also used in enterprise applications and it's likely that many products will be found to be vulnerable as more is learned about the flaw.
   >...
   1. lnxw48a1 (lnxw48a1@nu.federati.net)'s status on Friday, 10-Dec-2021 23:41:51 EST lnxw48a1

      in reply to
      @geniusmusing
      
      Believed affected: * cloud platforms
      * enterprise applications ( which are often written in #Java )
      * Minecraft ( which was where the #log4j flaw was discovered )
      * #Android apps ( noted by @clacke )
      
      Possibly, other "log4" libraries may have a similar flaw.