Rui Carlos
Posted December 14, 2021 at 07:30 PM

Quote:

A vulnerability in the open source Apache logging library Log4j sent system administrators and security professionals scrambling over the weekend. Known as Log4Shell, the flaw is exposing some of the world's most popular applications and services to attack, and the outlook hasn't improved since the vulnerability came to light on Thursday. If anything, it's now excruciatingly clear that Log4Shell will continue to wreak havoc across the internet for years to come.

[...]

The range of impacts is so broad because of the nature of the vulnerability itself. Developers use logging frameworks to keep track of what happens in a given application. To exploit Log4Shell, an attacker only needs to get the system to log a strategically crafted string of code. From there they can load arbitrary code on the targeted server and install malware or launch other attacks. Notably, hackers can introduce the snippet in seemingly benign ways, like by sending the string in an email or setting it as an account username.

[...]

https://www.wired.com/story/log4j-log4shell/

Meanwhile, two versions have already been released to try to fix the problem. The update is not complicated (depending on the version that was being used previously), but I suspect that many systems that are not actively maintained may not be updated any time soon, which has everything

Rui Carlos Gonçalves