Log4j Explained
Log4j Explained: How It Is Exploited and How to Fix It Log4j or Log4Shell, a critical vulnerability in the widely used Apache Log4j Library, has raised alarms and security concerns across the tech and info security communities. The Log4j flaw ( CVE-2021-44228 ), reported last week, is a remote code execution (RCE) vulnerability that enables hackers to execute arbitrary code and take full control of vulnerable devices. What Is Log4j? Apache Log4j is a Java-based logging utility developed by the Apache Software Foundation. Several companies use the Log4j library worldwide to enable logging and configure a wide set of applications. The Log4j flaw allows hackers to run any code on vulnerable machines or hack into any application directly using the Log4j framework. Looking at its severity, MITRE rated the vulnerability as critical and assigned a CVSS score of 10/10. Affected Systems and Enterprises The vulnerability reportedly affects sys...