LW.

Glorified Notepad

Azure Sentinel - Log4J

2021-12-15 Azure Sentinel Log4J CVE
Intro

Apache Log4j is a Java-based logging utility for which a zero-day exploit, codenamed “Log4Shell” (CVE-2021-44228), was recently released. This zero-day allows an attacker to execute code on the remote server (Remote Code Execution) and can allow the attacker to fully compromise the server the service is running on.

Why is this a problem?

The Log4j package uses a JNDILookup plugin to allow the application/service to search for data throughout a Java directory and is found on all platforms running Java+logging from version 2.