Important vulnerability check - log4j (Log4Shell)

RollerAds

Neil

Grandpa affLIFT
Staff Member
Community Leader
Joined
Dec 1, 2018
Messages
2,994
In my day to day job I seem to see a never ending list of 'critical vulnerabilities' almost on a daily basis but this one I thought I should mention so you can check as it has the potential to be quite bad if you get hit by it!

Its due to a vulnerability in the Java-based Log4j package, what the hell is Log4j and why would i care? Let me address each one of those very valid questions

What is Log4j?
Log4j is a reliable, fast and flexible logging framework (APIs) written in Java, which is distributed under the Apache Software License and is often bundled/embedded with third party software.

It has 3 main components:
  • loggers - which are used to capture logging information
  • appenders - which are used to publish logging information
  • layouts - which are used to format logging information
A quick background of the Log4j package
  • Started back in 1996 as tracing API for the E.U. SEMPER (Secure Electronic Marketplace for Europe) project
  • It went through many enhancements and versions which eventually evolved into the Log4j logging package
  • It's distributed under the Apache Software License which is an open source license
 
Last edited:
To view the premium content in our affiliate marketing forum (including this awesome thread), you must first register and upgrade your account. Register today and become a part of our amazing community!
Top