https://arstechnica.com/information-...-is-it-really/
A Java logging framework allows you to run remote code. It's been there for years and people have only just woken up to how much of a hole or is in security.
If the application you are using writes the text you have entered to a log file using log4j, then you can inject code to be executed by log4j.
This could cause havoc because it's in widely used Apache software on all platforms.
A Java logging framework allows you to run remote code. It's been there for years and people have only just woken up to how much of a hole or is in security.
If the application you are using writes the text you have entered to a log file using log4j, then you can inject code to be executed by log4j.
This could cause havoc because it's in widely used Apache software on all platforms.
via International Skeptics Forum https://ift.tt/3E8Cic9
Aucun commentaire:
Enregistrer un commentaire