{"id":10670,"date":"2021-12-15T00:00:00","date_gmt":"2021-12-15T00:00:00","guid":{"rendered":"https:\/\/www.nextias.com\/current_affairs\/uncategorized\/15-12-2021\/log4j-vulnerability\/"},"modified":"2021-12-15T00:00:00","modified_gmt":"2021-12-15T00:00:00","slug":"log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/www.nextias.com\/ca\/current-affairs\/15-12-2021\/log4j-vulnerability","title":{"rendered":"Log4j Vulnerability"},"content":{"rendered":"<p><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>In News\u00a0<\/u><\/strong><\/span><\/span><\/span><\/p>\n<p><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">A new vulnerability named <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Log4 Shell <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">is being touted as one of the <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>worst <\/strong><\/span><\/span><\/span><a href=\"https:\/\/www.nextias.com\/current-affairs\/03-12-2021\/cyberattacks-on-indian-sites\" style=\"text-decoration:none\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#1155cc\"><strong><u>cybersecurity <\/u><\/strong><\/span><\/span><\/span><\/a><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>flaws to have been discovered.\u00a0<\/strong><\/span><\/span><\/span><\/p>\n<p><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong><u>About Log4j vulnerability<\/u><\/strong><\/span><\/span><\/span><span style=\"font-size:13pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong> <\/strong><\/span><\/span><\/span><\/p>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The vulnerability is dubbed<\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong> Log4 Shell<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> and is officially <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>CVE-2021-44228.<\/strong><\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>CVE <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">number is the unique number given to <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>each vulnerability discovered across the world).<\/strong><\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">It is based on an <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>open-source logging library<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> used in most applications by <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>enterprises and even government agencies.<\/strong><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>exploits for this vulnerability <\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">are already being tested by hackers and it <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>grants them access to an application,<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> and could potentially let them run <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>malicious software on a device or servers.<\/strong><\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">The problem impacts Log4j 2 versions which is a very common logging library used by applications across the world.\u00a0<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Logging lets developers see all the activity of an application.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>Concerns:\u00a0<\/strong><\/span><\/span><\/span><\/li>\n<\/ul>\n<ul>\n<li style=\"list-style-type:circle\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">It is a serious concern because it could allow hackers to <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>control java-based web servers<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> and launch what is called <\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"><strong>\u2018remote code execution (RCE)<\/strong><\/span><\/span><\/span><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\"> attacks.<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">In simple words, the vulnerability could allow a hacker to take control of a system.<\/span><\/span><\/span><\/li>\n<li style=\"list-style-type:square\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">It is rating this vulnerability as quite severe.<\/span><\/span><\/span>\n<ul>\n<li style=\"list-style-type:disc\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">the flaw \u201ccan be exploited either over HTTP or HTTPS (the encrypted version of browsing),\u201d which adds to the problems.<\/span><\/span><\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#000000\">Source:<\/span><\/span><\/span><a href=\"https:\/\/indianexpress.com\/article\/explained\/log4j-vulnerability-cybersecurity-7671367\/\" style=\"text-decoration:none\" target=\"_blank\" rel=\"noopener\"><span style=\"font-size:12pt\"><span style=\"font-family:'Book Antiqua',serif\"><span style=\"color:#1155cc\"><u> IE<\/u><\/span><\/span><\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In News\u00a0 A new vulnerability named Log4 Shell is being touted as one of the worst cybersecurity flaws to have been discovered.\u00a0 About Log4j vulnerability The vulnerability is dubbed Log4 Shell and is officially CVE-2021-44228. CVE number is the unique number given to each vulnerability discovered across the world). It is based on an open-source [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10671,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[21],"tags":[114,26],"class_list":["post-10670","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-current-affairs","tag-cyber-crime-security","tag-gs-3"],"acf":[],"jetpack_featured_media_url":"https:\/\/wp-images.nextias.com\/cdn-cgi\/image\/format=auto\/ca\/uploads\/2023\/07\/7438315Screenshot_6.png","_links":{"self":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/10670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/comments?post=10670"}],"version-history":[{"count":0,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/posts\/10670\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media\/10671"}],"wp:attachment":[{"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/media?parent=10670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/categories?post=10670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextias.com\/ca\/wp-json\/wp\/v2\/tags?post=10670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}