上級分類: 計算機安全零日攻擊

what is log4j

What to know about the Log4j vulnerability?

YAML 來源 問題

A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week.

The list of potential victims encompasses nearly a third of all web servers in the world, according to cybersecurity firm Cybereason. Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft count themselves among the slew of tech and industry giants running the popular software code that U.S. officials estimate have left hundreds of millions of devices exposed.

By Friday, more than 3,700,000 hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups.


沒有子分類。

投票 (可選) (別通知) (可選)
請,登錄

歡迎來到無限,[Bassxn2]! :) log4j 是 計算機安全 問題,和 0-day-ish 問題,並且它非常普遍,因爲 Log4j 是在各種軟件中使用的非常流行的庫。

很好,很容易修復:

  • Java 8 的 Log4j 到 >=2.17.0
  • Java 7 的 Log4j 到 >=2.12.3
  • Java 6 的 Log4j 到 >=2.3.1
  • 或刪除zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

查找入侵痕跡:

請注意,這個問題對時間非常敏感,它不是一個長期的全球挑戰。 [標記爲到期]

Welcome to Infinity, [Bassxn2]! :) The log4j is a computer security issue, and 0-day-ish issue, and it's super-widespread, because Log4j is very popular library used in all kind of software.

It's good it's easy to fix:

  • Java 8's Log4j to >=2.17.0
  • Java 7's Log4j to >=2.12.3
  • Java 6's Log4j to >=2.3.1
  • OR remove zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

Lookup for traces of intrusion:

Take a note, that this issue is very circumstantial time-sensitive, it is not a long-term global challenge. [marked-for-expiry]



    :  -- 
    : Bassxn2
    :  -- 
    

Mindey,

謝謝!並感謝詳細說明和解釋,不勝感激。著名的。

Thank you! And thanks for elaboration and explanation, appreciated. Noted.



    :  -- 
    : Mindey
    :  -- 
    

Bassxn2,

語言