Hello, I was wondering if any of you have heard/discussed the log4j vulnerability? Perhaps you could point me to that thread if you have seen it or were involved in it? From what I understand there are at least 500 applications which are affected by this vulnerability. Some of them are Atlassian, IBM, Cisco, vSphere, Red Hat, Microsoft, Citrix and so on. Apparently, the vulnerability was originally found being exploited in the game Minecraft but was widely released to the public before any patching could take place. It uses a flaw in the Apache web service that sends logs using Java. This is the easiest way to do logging and any 3rd party application that uses a website for interface most likely uses Apache (even routers and SANs).
I am wondering how many (if any) of you are already aware and have taken steps to safeguard yourself against this vulnerability. If so, please, would you be so kind as to list the approach/steps you took here in this thread? Or, as I said before, if you are aware that this issue has already been addressed in another thread would you please point me at that thread?