WelcomeUser Guide
ToSPrivacyCanary
DonateBugsLicense

©2024 Poal.co

1.3K
(+9/-0)
Patch Log4j

Do it. Not fucking around here. Google how to patch it and make sure whatever apps you use are patched as well. Log4j is component of a fuckton of IBM and Oracle apps. Basically anything that uses java, make sure.

Upgrading it is better but if you can’t, patch it.

Do it. Not fucking around here. Google how to patch it and make sure whatever apps you use are patched as well. Log4j is component of a fuckton of IBM and Oracle apps. Basically anything that uses java, make sure. Upgrading it is better but if you can’t, patch it.

(post is archived)

You are currently inside a comment thread.
Click here to see all the comments (5).
[–] 2 pts

Basically you can craft an LDAP query call and log4j processes it as a log but when it hits the system it can be a CLI command that runs as root or Administrator. The bad guy has a LDAP server with the command to be run as an LDAP entry. Log4J gets it and runs it.

https://blog.checkpoint.com/2021/12/11/protecting-against-cve-2021-44228-apache-log4j2-versions-2-14-1/

[–] 1 pt

Thanks mate. IBM is notoriously shitpozzed with diverse globohomo.