Security News > 2021 > December > The Log4j JNDI attack and how to prevent it
2021-12-13 18:35
The disclosure of the critical Log4Shell (CVE-2021-44228) vulnerability and the release of first one and than additional PoC exploits has been an unwelcome surprise for the entire information security community, but most of all those who are tasked with keeping enterprise systems and network secure. The timing of it all could be worse – it could have happened on Christmas Eve, for example – but the news hitting on a Thursday evening/Friday in the run-up … More → The post The Log4j JNDI attack and how to prevent it appeared first on Help Net Security.
News URL
https://www.helpnetsecurity.com/2021/12/13/how-to-prevent-log4j-attack/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Deserialization of Untrusted Data vulnerability in multiple products Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple CWE-502 critical | 10.0 |