Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Exploiting and Mitigating CVE-2021-44228: Log4j Remote Code Execution (RCE)

Dec 16, 2021

A new critical vulnerability has been found in log4j, a widely-used open-source utility used to generate logs inside java applications. The vulnerability CVE-2021-44228, also known as Log4Shell, permits a Remote Code Execution (RCE) allowing the attackers to execute arbitrary code on the host.

The log4j utility is popular and used by a huge number of applications and companies, including the famous game Minecraft. It is also used in various Apache frameworks like Struts2, Kafka, Druid, Flink, and many commercial products.

Visit our blog to better understand why the affected utility is so popular, the vulnerability’s nature, and how its exploitation can be detected and mitigated.
https://sysdig.com/blog/exploit-detect-mitigate-log4j-cve/

MB01OSN1KUOWFZU