Personaly i dont know too much about this exploit,but from what ive read upto now,i would advise reading up about it, possibly a nasty bug. Not an expert report or anything,just a quick YT Link from a imho safe youtuber.
OS Log4 J
- Thread starter Tamarc
- Start date
- Joined
- Dec 3, 2012
- Messages
- 1,736
- Reaction score
- 1,159
its a bad one.
the fact its so easy to exploit and you get escalated permissions makes it so bad.
anyone into security you can set up a log4j lab with this guide.
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
the fact its so easy to exploit and you get escalated permissions makes it so bad.
anyone into security you can set up a log4j lab with this guide.
A Docker based LDAP RCE exploit demo for CVE-2021-44228 Log4Shell
This log4j is a trivial bit of code and used for logging and not any functionality of the application/system. 100% of systems will use this logging method, are vulnerable thus the score of 10 being given and the criticallity of resolving it.
For me a lot of network devices I implemented and support like Cisco ISE were impacted and within a few days patches were released and implemented.
I implement SIEM solutions and when this got discovered was developing queries in Azure Sentinel to detect any attacks and thankfully none detected
now the fix has exposed a DOS attack
NVD - CVE-2021-45105
For me a lot of network devices I implemented and support like Cisco ISE were impacted and within a few days patches were released and implemented.
I implement SIEM solutions and when this got discovered was developing queries in Azure Sentinel to detect any attacks and thankfully none detected
now the fix has exposed a DOS attack
NVD - CVE-2021-45105
Last edited:
Similar threads
