github.com/NCSC-NL/log4shell

This repo contains operational information regarding the vulnerability in the Log4j logging library (CVE-2021-44228). For additional information see:

NCSC-NL advisory
MITRE

github.com/NCSC-NL/log4shell


More:

The Wall Street Journal: What Is the [log4shell] Vulnerability?


thenewstack.io/log4shell-we-are-in-so-much-trouble

As Bad as It Gets

So how bad is Log4Shell really? As bad as it gets. According to the National Vulnerability Database (NVD), it’s rated as 10.0 CVSSv3 which, by my count of a 0.1 to 10 scale, is the worst possible. If successfully exploited, attackers can hit you with a Remote Code Execution (RCE) attack, which can be used to compromise your servers. Given how easy it is to exploit, even as you’re reading this, odds are decent you’re being attacked.




 4,007 total views,  23 views today


Subscribe to be notified of new posts:


Krupczak logo

Home

Leave a comment

Your email address will not be published.