This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228). For additional information see:
The Wall Street Journal: What Is the [log4shell] Vulnerability?
As Bad as It Gets
So how bad is Log4Shell really? As bad as it gets. According to the National Vulnerability Database (NVD), it’s rated as 10.0 CVSSv3 which, by my count of a 0.1 to 10 scale, is the worst possible. If successfully exploited, attackers can hit you with a Remote Code Execution (RCE) attack, which can be used to compromise your servers. Given how easy it is to exploit, even as you’re reading this, odds are decent you’re being attacked.
9,585 total views, 13 views today