![]() Moore and other researchers said the Java deserialization bug stems from Log4j making network requests through the JNDI to an LDAP server and executing any code that's returned. This Apache page does acknowledge the recent fixing of a serious vulnerability. The Apache Foundation has yet to disclose the vulnerability, and representatives there didn't respond to an email. Security firm Cyber Kendra on late Thursday reported a Log4j RCE Zero day being dropped on the Internet and concurred with Moore that “there are currently many popular systems on the market that are affected.” One of the few early sources providing a tracking number for the vulnerability was Github, which said it's CVE-2021-44228. ![]() That means that a dizzying number of third-party apps may also be vulnerable to exploits that carry the same high severity as those threatening Minecraft users.Īt the time this post went live, there wasn’t much known about the vulnerability. Log4j is incorporated into a host of popular frameworks, including Apache Struts2, Apache Solr, Apache Druid, and Apache Flink. ![]() “This is a big deal for environments tied to older Java runtimes: Web front ends for various network appliances, older application environments using legacy APIs, and Minecraft servers, due to their dependency on older versions for mod compatibility.” “The Minecraft side seems like a perfect storm, but I suspect we are going to see affected applications and devices continue to be identified for a long time,” HD Moore, founder and CTO of network discovery platform Rumble, said. The picture became more dire still as Log4j was identified as the source of the vulnerability and exploit code was discovered posted online. The sites warned that hackers could execute malicious code on servers or clients running the Java version of Minecraft by manipulating log messages, including from things typed in chat messages. ![]() Word of the vulnerability first came to light on sites catering to users of Minecraft, the best-selling game of all time.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |