Monday, December 13, 2021

What is Log4j 2 RCE issue CVE-2021-44228? How to solve Log injection? [Tactical and Permanent Fix]

Hello guys, since the last couple of days, there is a lot of chaos going into the Java world due to the Log4j2 issue which allows Remote code execution (RCE), the CVE-2021-44228, which is designated a zero-day vulnerability. Everyone is busy whether their Java application is impacted and given the popularity of Log4j it's a good chance that your application will be impacted.  Even if you are not using Log4j2 directly, they might be used by the framework or library you use like Spring Boot, Hadoop, Elastic Serach, or Struts. This is kind of a serious issue becuase RCE Vulnarabilyt means it allows hackers to execute code in your servers, and this has been used in past on many breaches like the 2017 Equifax data breach but its not time to lose calm and understand the impact and whether your app is affected or not and what you can do in short term to prevent it. 
Page 1 of 2981234567...298Next »Last