WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

1.4K
(+9/-0)
Patch Log4j

Do it. Not fucking around here. Google how to patch it and make sure whatever apps you use are patched as well. Log4j is component of a fuckton of IBM and Oracle apps. Basically anything that uses java, make sure.

Upgrading it is better but if you can’t, patch it.

Do it. Not fucking around here. Google how to patch it and make sure whatever apps you use are patched as well. Log4j is component of a fuckton of IBM and Oracle apps. Basically anything that uses java, make sure. Upgrading it is better but if you can’t, patch it.

(post is archived)

[–] 0 pt

What is the exploit it is vulnerable to unpatched?

[–] 2 pts

Basically you can craft an LDAP query call and log4j processes it as a log but when it hits the system it can be a CLI command that runs as root or Administrator. The bad guy has a LDAP server with the command to be run as an LDAP entry. Log4J gets it and runs it.

https://blog.checkpoint.com/2021/12/11/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1/

[–] 1 pt

Thanks mate. IBM is notoriously shitpozzed with diverse globohomo.

[–] 0 pt (edited )

Yet another reason that java is of niggers, by niggers, and for niggers.

James Gosling is the The Capital Nigger of Programming.

[–] 1 pt

I fucking hate Java. Every so often I get a reminder why.