A serious vulnerability was found in the Java library Log4j. The vulnerability can be used by attackers to execute arbitrary code on a system. Well-known services such as Minecraft, Steam, and iCloud are also affected by the security hole.
The vulnerability gives hackers the ability to send manipulated requests to vulnerable web servers or applications. For the attack to work, the respective system only needs to receive a string and record the request with Log4j. A server can then be completely taken over by executing any code.
Vulnerability jeopardizes many services
The problem doesn’t just affect services written in Java. Web applications that have been implemented with the help of another programming language can also be affected, provided certain libraries and Java dependencies are used. According to a developer’s listing, well-known services such as Apple iCloud, Steam, Twitter, many Amazon services, Minecraft, CloudFlare, and Apache platforms are also at risk.
Since Log4j is a very popular logging library, the vulnerability is likely to be present in most Java projects. Log4j versions 2.0-beta9 to 2.14.1 are affected by the vulnerability. Developers can use this script to test whether their own project is vulnerable.
The vulnerability is listed under the designation CVE-2021-44228 and has since been fixed. The developers worked on a patch and integrated the code into the logging library with version 2.15. If you cannot yet incorporate the update into your project, you should temporarily deactivate the JNDI function of Log4j.
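To make the version range above checkable, here is an added example (not the script the article refers to, and not Log4j project code) that inventories `log4j-core` jars under a directory and flags those inside the affected range. It assumes the usual `log4j-core-<version>.jar` file naming and looks one level into `.jar`/`.war`/`.ear` archives; the range is applied exactly as the article states it.

```python
import re
import zipfile
from pathlib import Path

# Range stated in the article: 2.0-beta9 through 2.14.1 affected, fix in 2.15.
# Assumption: jars keep the conventional name log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+){1,2}(?:-(?:alpha|beta|rc)\d+)?)\.jar$", re.I)
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # pre-releases sort before the release

def version_key(version):
    """Turn '2.0-beta9' or '2.14.1' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", version.lower())
    if not m:
        raise ValueError(f"unrecognised Log4j version: {version!r}")
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor), int(patch or 0), QUALIFIER_RANK[qual or ""], int(qnum or 0))

def is_affected(version):
    """True when the version lies inside the range given in the article."""
    return version_key("2.0-beta9") <= version_key(version) <= version_key("2.14.1")

def scan(root):
    """Yield (location, version, affected) for log4j-core jars under root,
    including jars bundled one level deep inside .jar/.war/.ear archives."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in (".jar", ".war", ".ear"):
            continue
        m = JAR_RE.search(path.name)
        if m:
            yield str(path), m.group(1), is_affected(m.group(1))
        try:
            with zipfile.ZipFile(path) as archive:
                names = archive.namelist()
        except zipfile.BadZipFile:
            continue  # unreadable archive: skip it rather than abort the scan
        for name in names:
            m = JAR_RE.search(name)
            if m:
                yield f"{path}!{name}", m.group(1), is_affected(m.group(1))

if __name__ == "__main__":
    import sys
    for location, version, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED" if affected else "ok      ", version, location)
```

A renamed or shaded copy of the library will not match the file-name pattern, so an empty result is not proof that a project is unaffected. Treat each hit as a prompt to check the vendor advisory for that exact release.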
Web Desk is the news author at Research Snipers which mainly covers Technology News, Microsoft News, Google News, Facebook, Apple, Huawei, Xiaomi, and other tech news and served by Research Snipers Staff and editors.