In News
A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws to have been discovered.
About Log4j vulnerability
- The vulnerability is dubbed Log4Shell and is officially CVE-2021-44228 (a CVE number is the unique number given to each vulnerability discovered across the world).
- It lies in an open-source logging library used in most applications by enterprises and even government agencies.
- Hackers are already testing exploits for this vulnerability, which grants them access to an application and could potentially let them run malicious software on a device or server.
- The problem impacts Log4j 2 versions; Log4j is a very common logging library used by applications across the world.
- Logging lets developers see all the activity of an application.
- Concerns:
- It is a serious concern because it could allow hackers to control Java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks.
- In simple words, the vulnerability could allow a hacker to take control of a system.
- This vulnerability is being rated as quite severe.
- The flaw “can be exploited either over HTTP or HTTPS (the encrypted version of browsing),” which adds to the problems.
Source: IE