Log4J Vulnerability (Log4Shell) Explained

Pulkit Govrani, The Crazy Programmer

Log4j is an open source Java library built for logging error messages in applications, including network and cloud computing services. The library is used in many Java programs designed for servers as well as client applications.

What is Log4Shell in Log4j?

Log4Shell is a vulnerability that affects the core function of Log4j. It allows an attacker to execute code remotely, leading to:

- Taking complete control of the system
- The ability to test and run any code without being caught
- Acquiring the important data present in the system
- The power to delete system files or inject viruses into them

This vulnerability has a CVSS score of 10, which marks it as severe. If you are using Log4j, fixing this vulnerability cannot be avoided at any cost.

Is your software under threat?

This depends on the version of Log4j that you are currently using. If you are using Log4j v1, the risk is comparatively much lower. Under quite certain conditions, Log4