Log4j Vulnerability


    In News 

    A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws to have been discovered.

    About Log4j vulnerability

    • The vulnerability is dubbed Log4Shell and is officially tracked as CVE-2021-44228.
      • A CVE number is the unique number given to each vulnerability discovered across the world.
    • It lies in an open-source logging library used in most applications by enterprises and even government agencies.
    • Exploits for this vulnerability are already being tested by hackers; it grants them access to an application and could potentially let them run malicious software on a device or server.
    • The problem impacts versions of Log4j 2, a very common logging library used by applications across the world.
      • Logging lets developers see all the activity of an application.
    • Concerns: 
    • It is a serious concern because it could allow hackers to control Java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks.
      • In simple words, the vulnerability could allow a hacker to take control of a system.
      • This vulnerability is being rated as quite severe.
        • The flaw “can be exploited either over HTTP or HTTPS (the encrypted version of browsing),” which adds to the problems.

    Source: IE