Tag: log4j

Last week a vulnerability affecting the most common logging packages in Java, Log4j, was made public, complete with exploit code. The vulnerability is rated with a critical severity rating of 10. Successful exploitation allows for a very uncomplicated remote command execution without requiring any authentication over the Internet resulting in a complete compromise of data and system confidentiality, integrity and availability. This blogpost explains the detection methods, exploitation techniques and mitigation instructions of the vulnerability.

A step-by-step guide on how to identify Log4j vulnerabilities on Windows machines using log4jscanwin

A guide to help you discover vulnerable Log4j packages across multiple Linux machines using scripting and the AWS SSM to run commands remotely.

A post about how we performed an analysis of the Kafka connectors in use for a customer to detect if they were vulnerable to the recently discovered Log4j vulnerability - CVE-2021-44228 and CVE-2021-45046.