livedoor ニュース

Java用ロギングライブラリ「Apache Log4j 2」にリモートコード実行の ...

Apache Log4j 2.15.0より前の2.x系のバージョンがCVE-2021-44228の影響を受けるとされている。Apache Software Foundationからは修正版としてApache Log4j 2.15.0がリリースされている。2.15.0では、KJNDI Lookup機能がデフォルトで無効にされた。
CodeZine(コードジン)

プログラミング言語Scala、Apache Log4j 2の脆弱性による影響や対処方法 ...

翔泳社では、「独習」「徹底入門」「スラスラわかる」「絵で見てわかる」「一年生」などの人気シリーズをはじめ、言語や開発手法、最新技術を解説した書籍を多数手がけています。プロジェクトマネジメントやチームビルティングといった管理職向けの ...
Bleeping Computer

Latest Apache Log4j news

Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries ...
livedoor ニュース

重大な脆弱性が発見されたApache Log4j、38%がまだ脆弱なバージョン利用

Veracodeはこのほど、「State of Log4j Vulnerabilities: How Much Did Log4Shell Change?|Veracode」において、Apache Log4jを使用するアプリケーションの約38%が現在も脆弱なバージョンのLog4jを使用していると伝えた。 State of Log4j Vulnerabilities: How Much Did ...
CSOonline

The Apache Log4j vulnerabilities: A timeline

The Apache Log4j vulnerability has impacted organizations around the globe. Here is a timeline of the key events surrounding the Log4j exploit as they have unfolded. The Apache Log4j vulnerability has ...
PC Magazine

Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit

The vulnerability allows remote code execution on servers, including those operated by Apple, Twitter, Valve, Tencent, and other major service providers. I've been writing about tech, including ...
SiliconANGLE

Apache releases Log4j patch to address new RCE vulnerability

The Apache Software Foundation has released a new patch for Log4j, the Java-based logging utility that has seen vulnerabilities targeted en masse by hackers since Dec. 13. Log4j 2.17.1, the fifth ...
Gizmodo

Log4j: Just How Screwed Are We?

Well, it’s certainly been a year for cyber debacles, so, sure, why not tie things off with a nice, fat security vulnerability that affects almost everything on the internet? That sounds about right.
ZDNet

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

Apache said version 2.16 "does not always protect from infinite recursion in lookup evaluation" and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the ...
Bleeping Computer

Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS

All set for the weekend? Not so fast. Yesterday, BleepingComputer summed up all the log4j and logback CVEs known thus far. Ever since the critical log4j zero-day saga started last week, security ...
SiliconANGLE

As Apache releases new patch, researchers discover new Log4j attack vector

Security researchers have discovered a new attack vector that exploits the Log4j vulnerability as the Apache Foundation has released a new patch to address the overall issue. Discovered late last week ...