Search
For "log4shell" across CVEs, vendor advisories, threat actors, IOCs, security research, and news. Also searching: CVE-2021-44228, log4j, Log4j2
Apache Log4j2 RCE via JNDI lookup. December 2021.
Improper Input Validation and Injection in Apache Log4j2
The persistent threat: Why major vulnerabilities like Log4Shell and Spring4Shell remain significant
Read on to learn about the danger of the continued use of vulnerable Log4j and Spring Framework versions in many projects.
How Atlassian used Snyk to solve Log4Shell
In this post, we'll recap Walz's experience using Snyk to detect and remediate Log4Shell at Atlassian, as well as Silverman's more in-depth talk about the impact of Log4Shell.
Reviewing CVE-2022-42889: The arbitrary code execution vulnerability in Apache Commons Text
In this post we'll review CVE-2022-42889, the recent Arbitrary Code Execution Vulnerability in Apache Commons Text, including what it is, how to remediate it, and why it's not the new Log4Shell.
CVE-2022-42889
Exploring CVE-2022-33980: the Apache Commons configuration RCE vulnerability
In this post, we'll explore CVE-2022-33980, the Apache Commons configuration RCE vulnerability. However, we want to make it clear that there's no need for panic. This is not Log4Shell all over again. This is simple configuration manipulatio
CVE-2022-33980
Fighting Log4Shell with Huntress Managed EDR | Huntress
Read how our ThreatOps team used Huntress Managed EDR and Managed Antivirus to stop bad actors who were exploiting Log4Shell vulnerabilities.
How LiveRamp used Snyk to remediate Log4Shell
When Log4Shell hit in mid-December 2021, LiveRamp had just completed its POC (proof of concept) trial with Snyk. While LiveRamp's main motivation for deploying Snyk was to secure its CI/CD pipeline, Snyk was able to discover and remediate t
Log4Shell remediation with Snyk by the numbers
Check out this handy infographic to learn more about the Log4Shell timeline, how much time and money our customers have saved by using Snyk, and what some of those customers have said about their experience.
Stranger Danger: Live hack of how a Log4Shell exploit works
Learn about a recent Stranger Danger live hack where Simon Maple, Field CTO at Snyk, Eric Smalling, Senior Developer Advocate at Snyk, and Micah Silverman, Director of DevSecOps Acceleration discussed the Log4Shell vulnerability and demonst
Log4Shell webinar: What you need to know
Here's a recap of our latest Log4Shell webinar about mitigating the Log4j vulnerability.
It takes a community: Responding to open source criticism post-Log4Shell
The truth of the matter is this: open source is never going to be perfect (nothing is!). It's up to us (as community members) to leave things better than we found them, and help improve the state of open source.
Log4Shell: Wrap all your Log4j fixes before the holidays
The main challenge with Log4j is understanding your existing infrastructure, and identifying the location of all vulnerable Log4j libraries. Follow Wiz's recommendations to wrap it all before the Holidays!
Log4Shell 10 days later: Enterprises halfway through patching
Wiz and EY (Ernest & Young) analyzed more than 200 enterprise cloud environments with thousands of cloud accounts. The results were striking: While 93% of all cloud environments are at risk from Log4Shell, on average organizations have patc
Snyk makes it easier to fix Log4Shell with extended free scans
Due to the recently discovered Log4Shell vulnerability, and to support the tremendous effort being mounted by the community to address it, we are happy to announce that we are increasing the free test limit in Snyk Open Source!
Find Log4Shell vulnerabilities in your unmanaged and shaded jars with the Snyk CLI
Announcing a new Snyk CLI command (snyk log4shell) to find affected Log4j libraries that were not disclosed in the manifest file, forked, or repackaged.
Log4Shell: A Tradecraft Tuesday Recap | Huntress
We recap our December 2021 episode of Tradecraft Tuesday where we dive into the Log4Shell vulnerability.
Log4Shell in a nutshell (for non-developers & non-Java developers)
In this post, we'll give an explanation of Log4Shell for non-developers and an overview of the Log4Shell vulnerability for non-Java developers.
Log4Shell remediation cheat sheet
This Log4Shell remediation cheat sheet summarizes the main fixes and recommendations being used to limit exposure to the vulnerability and to reduce the risk of this vulnerability being exploited in production systems.
The Log4j vulnerability and its impact on software supply chain security
Learn more about the massive impact of Log4Shell, the recently disclosed Log4j vulnerability. Learn how far spread it is, how it affects supply chain security, how to prioritize your response, and how to fix it quickly.
Find and fix the Log4Shell exploit fast with Snyk
See how easy (and fast) it is to find and automatically fix Log4Shell with Snyk.
Log4j vulnerability explained: Prevent Log4Shell RCE by updating to version 2.17.1
A new critical vulnerability was disclosed for log4j, a very popular Java logging framework from the Apache foundation. All current versions of log4j2 up to 2.14.1 are vulnerable. You can remediate this vulnerability by updating to version
Log4Shell Meltdown: How to protect your cloud from this critical RCE threat
Log4Shell Meltdown: How to protect your cloud from this critical RCE threat. In this post, we'll provide a quick overview of Log4Shell: what it is, its impact, and recommendations for security teams.
Critical RCE Vulnerability: log4j - CVE-2021-44228 | Huntress
Our team is currently investigating CVE-2021-44228, a critical vulnerability that's affecting a Java logging package.
CVE-2021-44228
Critical RCE Vulnerability Updates (log4j - CVE-2021-44228) | Huntress
Read about how our team investigated CVE-2021-44228, a critical vulnerability that was affecting a Java logging package.
CVE-2021-44228
FTC highlights the importance of securing Log4j and software supply chain
Earlier this week, the FTC issued a warning to companies regarding the Log4j vulnerability. Given the rampant exploitation of the recently discovered vulnerabilities in this ubiquitous open source logging package, it's encouraging to see th
New Log4j 2.17.1 fixes CVE-2021-44832 remote code execution (but it's not as bad as it sounds)
This new CVE-2021-44832 security vulnerability is affecting versions up to 2.17.0, which was previously thought to be fixed. This vulnerability is similar in nature to CVE-2021-4104 which affected the 1.x branch of Log4j.
CVE-2021-44832 · CVE-2021-4104
Log4j 2.16 High Severity Vulnerability (CVE-2021-45105) Discovered
Overnight, it was disclosed by Apache that Log4j version 2.16 is also vulnerable by way of a Denial of Service attack with the impact being a full application crash, the severity for this is classified as High (7.5).
CVE-2021-45105
Log4j 2.15 vulnerability CVE-2021-45046 upgraded to a critical severity arbitrary code execution
It has been discovered that Log4j version 2.15.0 is still susceptible to arbitrary code execution (CVE-2021-45046) in certain circumstances. Upgrade to 2.16.0.
CVE-2021-45046