ZDNet

Security warning: New zero-day in the Log4j Java library is already being exploited

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as ...
Bleeping Computer

New zero-day exploit for Log4j Java library is an enterprise nightmare

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike ...
GitHub

log4j-jndi-be-gone

Add -javaagent:path/to/log4j-jndi-be-gone-1.0.0-standalone.jar to your java commands. Note: If you already have Byte Buddy in the classpath, try using log4j-jndi-be ...
GitHub

kozmer/log4j-shell-poc

A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a java logging library that is very widely used in the likes of elasticsearch, ...
InfoWorld

How to detect the Log4j vulnerability in your applications

A bug in the ubiquitous Log4j library can allow an attacker to execute arbitrary code on any system that uses Log4j to write logs. Does yours? Yesterday the Apache Foundation released an emergency ...
Microsoft

Microsoft’s Response to CVE-2021-44228 Apache Log4j 2

Microsoft continues our analysis of the remote code execution vulnerabilities related to Apache Log4j (a logging tool used in many Java-based applications) disclosed on 9 Dec 2021. Currently, ...