Log4j Flaw Needs Immediate Remediation | LinuxSecurity.com

Advisories

Discover Network Security News

Log4j Flaw Needs Immediate Remediation

Log4j Flaw Needs Immediate Remediation

After nearly two years of adopting major network and security changes wrought by COVID-19 and hybrid work, weary IT network and security teams didn’t need another big issue to take care of, but they have one: Stemming potential damage from the recently disclosed vulnerability in open source Java-logging Apache Log4j software.  

Log4j or Log4Shell has been around a long time—it was released in January, 2001—and is widely used in all manner of enterprise and consumer services, websites, and applications. Experts describe the system as an easy-to-use common utility to support client/server application development.

The Log4j weakness, defined in CVE-2021-44228  and CVE-2021-45046 in the National Vulnerability Database, basically lets an unauthenticated remote actor take control of an affected server system and gain access to company information or unleash a denial of service attack.

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.