GIGAZINE

Why does the vulnerability 'Log4Shell (CVE-2021-44228)' found in Java's Log4j library have a major impact on the world?

A version of Apache Log4j, a Java log output library, that fixes the zero-day vulnerability 'CVE-2021-44228 ', commonly known as ' Log4Shell ', for remote code execution will be released on December ...
디지털데일리

아파치 ‘log4j’ 취약점 추가 발견··· KISA “최신 버전 업데이트해야”

[디지털데일리 이종현기자] 아파치(Apache) 소프트웨어(SW) 재단의 자바(Java) 기반 로깅 라이브러리 ‘Log4j’에서 추가 취약점이 발견됐다. 15일 정보기술(IT) 업계에 따르면 기존에 취약점이 ...
Security Boulevard

How to detect Log4j vulnerabilities in Java projects for free with CodeSec

Log4j is a popular Java logging tool with a critical cybersecurity vulnerability that gained global attention in December 2021. The U.S. Dept. of Homeland Security’s Cyber Safety Review Board stated ...
디지털데일리

IT업계 뒤흔든 자바 취약점 ‘Log4j’··· 체크막스 “시큐어코딩 생활화해야”

애드리안 옹 체크막스 EMEA/APJ 지역 채널 및 북아시아 영업 총괄 부사장 [디지털데일리 이종현기자] 전 세계 정보기술(IT) 기업은 아파치(Apache) 소프트웨어 재단의 오픈소스 자바(Java) 로깅 프레임 ...
GIGAZINE

A cheat sheet that summarizes how to deal with the Java / Log4j library vulnerability 'Log4Shell' is being released, and the affected products are also revealed at a glance.

Royce Williams, who works for cyber security company Alaskan Cyber Watch, has released a cheat sheet about the zero-day vulnerability 'Log4Shell ' discovered in Java's log output library Log4j. The ...
Bleeping Computer

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS

All set for the weekend? Not so fast. Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga started last week, security ...
Security Boulevard

CyRC Vulnerability Analysis: Remote code execution zero-day exploit in Java logging library (log4j)

The NVD currently lacks a CVSS score for this vulnerability, but the Synopsys Cybersecurity Research Center (CyRC) has issued a corresponding Black Duck® Security Advisory (BDSA), and assigned a CVSS ...