The critical log4j vulnerability was disclosed 2 weeks ago in Java logging package log4j sent security shockwaves throughout the industry given how frequently that open-source library is used to develop corporate business software. A 0-day exploit was discovered on a popular Java library Log4j2 that can consequently result to a Remote Code Execution (RCE).
“Normally a vulnerability is reported privately to the software developers, who then have time to repair the issue and release an update, so attackers don‘t gain a temporary advantage,”
“Log4j is used all throughout the Internet and [affects] multiple applications and systems with deep roots.”.
“it would not be a surprise to see further bugs disclosed – with or without a patch.”
“Sadly, it appears this is going to affect organization’s continuously into the future as they identify more items that are affected by this vulnerability.”
List of IT Vendors
Fortinet – Fortinet Fortiguard
Apache – Make sure your web hosting company upgrade their Apache Web Server with Apache Log4j 2.17
“keeping a lot of security professionals up at night.”