
CVE-2021-44228 - Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)

Akamai·Akamai·about 1 month ago

A critical unauthenticated remote code execution (RCE) vulnerability (CVE-2021-44228) has been reported in Log4j, an open source logging library. Akamai has been working directly with customers to deploy web application firewall (WAF) rules over the past 24 hours to mitigate the exposure. Log4j is incorporated into many popular frameworks, making the impact widespread. The vulnerability is actively being exploited, and when abused it allows a threat actor to execute arbitrary code on systems running apps that contain the library.

The vulnerability impacts multiple versions of Log4j and the applications that depend on it (these include Apache Struts2, Apache Solr, Apache Druid, Apache Flink and many others). Application administrators and developers are advised to verify which applications use the Log4j package and, if the package version is in the vulnerable range (Log4j versions 2.0 - 2.14.1), to update immediately to version 2.16.0 or later.…
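One way to carry out the inventory step described above, as an added example that is not Akamai's or the Log4j project's code: it walks an application archive, including jars nested inside WAR/EAR/fat jars, and classifies each bundled `log4j-core` jar against the version range the advisory gives. It assumes the jar keeps its standard `log4j-core-<version>.jar` filename (renamed or shaded copies are not detected); the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# log4j-core-<major>.<minor>[.<patch>][-qualifier].jar as the last path component
JAR_RE = re.compile(r"(?:^|/)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")

def classify(version):
    """Map a (major, minor, patch) tuple onto the ranges stated in the advisory."""
    if (2, 0, 0) <= version <= (2, 14, 1):
        return "vulnerable"          # 2.0 - 2.14.1
    if version >= (2, 16, 0):
        return "fixed"               # 2.16.0 or later
    return "review"                  # outside the stated range but below 2.16.0

def scan_archive(data, path):
    """Return [(location, version, status)] for each log4j-core jar, recursing into nested archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            full = f"{path}!/{name}"
            m = JAR_RE.search(name)
            if m:
                ver = tuple(int(p or 0) for p in m.groups())
                findings.append((full, ".".join(map(str, ver)), classify(ver)))
            elif name.lower().endswith((".jar", ".war", ".ear")):
                try:
                    findings += scan_archive(zf.read(name), full)
                except zipfile.BadZipFile:
                    pass             # not a readable archive; skip it
    return findings

def make_zip(entries):
    """Build an in-memory zip from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    # Constructed sample: a WAR with two direct copies and one copy inside a nested jar.
    inner = make_zip({"BOOT-INF/lib/log4j-core-2.16.0.jar": b""})
    war = make_zip({
        "WEB-INF/lib/log4j-core-2.14.1.jar": b"",
        "WEB-INF/lib/log4j-api-2.14.1.jar": b"",
        "WEB-INF/lib/bundled.jar": inner,
        "WEB-INF/lib/log4j-core-2.15.0.jar": b"",
    })
    return scan_archive(war, "app.war")
```

To scan a real deployment, read each archive from disk and pass its bytes and path to `scan_archive`.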
