In this video, I demonstrate the process of exploiting the Log4J vulnerability, also known as Log4Shell as well as explore the process of mitigating the vulnerability on Apache Solr.
//WHAT IS LOG4J?
Apache Log4j is one of the most widely utilized, open-source Java-based logging utilities. It is used by various Apache solutions like Apache Tomcat, Apache Solr, and Apache Druid to name a few.
//WHAT IS LOG4SHELL?
On November 30th, 2021, the Apache log4j development team was made aware of a vulnerability in Log4j that could allow the injection of malicious input that could consequently facilitate remote code execution.
On December 9th, 2021, the Infosec community was made aware of this finding and the far-reaching impacts of the vulnerability.
The vulnerability could potentially allow attackers to take control of any system running Log4j by logging a certain string.
The vulnerability, now assigned as CVE-2021–44228 has a severity score of 10 (CRITICAL) and has been dubbed “Log4Shell”.
//LINKS
THM Room: h
1 view
0
0
5 months ago 00:16:31 1
BUSTING some packaging format MYTHS! App verification, sandbox, package maintainers...
8 months ago 00:04:40 1
ГорбенкоТех - Экстренный выпуск. Обновление для курса “Установка и изучение SAP в облачных сервисах“
9 months ago 00:09:38 1
Logback vs SLF4J vs Log4J2 - what is the difference? Java Brains Brain Bytes
10 months ago 00:37:31 1
Keep Your Dependencies in Check • Marit van Dijk • GOTO 2023
1 year ago 00:12:52 1
Log4shell - угрожает Minecraft или УЯЗВИМОСТЬ НУЛЕВОГО ДНЯ
1 year ago 00:18:54 1
Телеграм бот на Java. Создаем проект, интегрируемся с телегой. Урок 1.
1 year ago 01:07:35 12
Инструменты логгирования для платформы Java
1 year ago 00:01:33 1
Набор на приватный сервер Friends Shield ⚔️ Бесплатный Ванилльный Minecraft
2 years ago 00:11:14 1
Уязвимость Log4j | Эта Команда в Чате ЛОМАЕТ СЕРВЕРА MINECRAFT
2 years ago 00:29:38 4
DI, DI-контейнеры, аспектно-ориентированное программирование в Python vs Java. Чистый код, 11 глава
2 years ago 00:13:09 1
Triaging Real Time Security Threats with eBPF Powered Observability • Daniel Kim • GOTO 2022
2 years ago 00:41:14 1
Live Hacking: Breaking into Your Web App • Brian Vermeer • GOTO 2022
2 years ago 00:09:49 1
Самая Страшная неделя в истории Minecraft Уязвимость Log4Shell [FitMc на русском]
3 years ago 00:24:55 1
Could I Hack into Google Cloud?
3 years ago 00:51:08 2
Проблемы с Open Source. Глобальная сеть третьей версии
3 years ago 00:21:49 1
Crazy JSP Web Shell to Exploit Tomcat - Real World CTF 2022
3 years ago 00:54:29 3
Главные IT-Новости 2021 года – часть 1 | Влад Тен | Андрей Кузьмин (Леха Медь) | Прожектор Робапайка
3 years ago 00:20:19 1
Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046
3 years ago 00:04:09 1
НЕ ИГРАЙТЕ СЕЙЧАС В МАЙНКРАФТ!
3 years ago 00:13:37 2
Detect Vulnerable Log4J Websites with CanaryTokens | HakByte
3 years ago 00:06:05 10
Why, HDMI? Why??
3 years ago 00:23:11 1
DuckDuckGo’s Desktop Browser is Almost Here - Surveillance Report 68
3 years ago 00:08:09 3
Log4j “Log4Shell“ RCE explained (CVE-2021-44228)
3 years ago 00:16:07 1
Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2