Hacker News
Lobsters
- RCE 0-day exploit found in log4j, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/ 139 comments java , security
- Just making sure this has been posted here. Paper and Minecraft servers are just some of the many vulnerable servers out there. https://www.lunasec.io/docs/blog/log4j-zero-day/ 59 comments selfhosted
- Log4J Java 0 Day exploit in the wild today. https://www.lunasec.io/docs/blog/log4j-zero-day/ 48 comments linuxadmin
- Critical Log4j Vulnerability CVE-2021-44228 - CF2021 (and likely CF2018 11+) https://www.lunasec.io/docs/blog/log4j-zero-day/ 7 comments coldfusion
- RCE 0-day exploit found in log4j, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/ 158 comments java
- RCE 0-day exploit found in log4j, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/ 756 comments programming
- RCE 0-day exploit found in log4j, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/ 278 comments netsec
Linking pages
- "Open Source" is Broken - Xe Iaso https://christine.website/blog/open-source-broken-2021-12-11 733 comments
- Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/ 297 comments
- Log4Shell Update: Severity Upgraded 3.7 to 9.0 for Second log4j Vulnerability (CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/ 214 comments
- A Log4J Vulnerability Has Set the Internet 'On Fire' | WIRED https://www.wired.com/story/log4j-flaw-hacking-internet/ 138 comments
- "Zero-Days" Without Incident - Compromising Angular via Expired npm Publisher Email Domains – The Hacker Blog https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/ 76 comments
- I won't let you pay me for my open source https://world.hey.com/dhh/i-won-t-let-you-pay-me-for-my-open-source-d7cf4568 58 comments
- ‘Extremely bad’ vulnerability found in widely used logging system - The Verge https://www.theverge.com/2021/12/10/22828303/log4j-library-vulnerability-log4shell-zero-day-exploit 51 comments
- URGENT: Analysis and Remediation Guidance to the Log4j Zero-Day RCE (CVE-2021-44228) Vulnerability | Veracode https://www.veracode.com/blog/security-news/urgent-analysis-and-remediation-guidance-log4j-zero-day-rce-cve-2021-44228 46 comments
- Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaTrace https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ 31 comments
- Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit | PCMag https://www.pcmag.com/news/countless-serves-are-vulnerable-to-apache-log4j-zero-day-exploit 19 comments
- Log4Shell and its traces in a network egress filter | Chaser Systems https://chasersystems.com/discrimiNAT/blog/log4shell-and-its-traces-in-a-network-egress-filter/ 12 comments
- Guide: How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228 & CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/ 12 comments
- Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet | Ars Technica https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/ 11 comments
- A Log4J Vulnerability Has Set the Internet 'On Fire' | WIRED https://www.wired.com/story/log4j-flaw-hacking-internet/amp 10 comments
- log4shell - Quick Guide - musana https://musana.net/2021/12/13/log4shell-Quick-Guide/ 2 comments
- Log4j Developer Response - Cisco Blogs https://blogs.cisco.com/developer/log4jdevresponse01?ccid=appdynamics-page&dtid=reddit&oid=michaelchenetz-fy22-q2-0000-log4jdevresponse01-ww 2 comments
- Understanding Log4Shell via Exploitation and Live Patching (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/ 1 comment
- Week in Ethereum News December 11, 2021 – Week in Ethereum News https://weekinethereumnews.com/week-in-ethereum-news-december-11-2021 1 comment
- What is EPSS? A new rating system for vulnerabilities to replace CVSS. | LunaTrace https://www.lunasec.io/docs/blog/what-is-epss/ 1 comment
- Curating Dependency Vulnerabilities | Tales about Software Engineering https://beny23.github.io/posts/curating_vulnerabilities/ 0 comments
Linked pages
- Log4j – Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html 708 comments
- Log4Shell Update: Second log4j Vulnerability Published (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day-update-on-cve-2021-45046/ 297 comments
- CVE - CVE-2021-45046 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046 204 comments
- Canarytokens https://canarytokens.org/generate 67 comments
- Spring4Shell: Security Analysis of the latest Java RCE '0-day' vulnerabilities in Spring | LunaTrace https://www.lunasec.io/docs/blog/spring-rce-vulnerabilities/ 31 comments
- Exploiting JNDI Injections in Java | Veracode blog https://www.veracode.com/blog/research/exploiting-jndi-injections-java 19 comments
- Guide: How To Detect and Mitigate the Log4Shell Vulnerability (CVE-2021-44228 & CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/ 12 comments
- Log4j – Download Apache Log4j⢠2 https://logging.apache.org/log4j/2.x/download.html 8 comments
- GitHub - mbechler/marshalsec https://github.com/mbechler/marshalsec/ 3 comments
- https://twitter.com/P0rZ9/status/1468949890571337731 3 comments
- Run Your Own Authoritative DNS Servers | Josh Mcguigan - The things I write https://www.joshmcguigan.com/blog/run-your-own-dns-servers/ 1 comment
- https://lists.apache.org/thread/83y7dx5xvn3h5290q1twn16tltolv88f 1 comment
- Understanding Log4Shell via Exploitation and Live Patching (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4shell-live-patch-technical/ 1 comment
- BlueTeam CheatSheet * Log4Shell* | Last updated: 2021-12-20 2238 UTC · GitHub https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 0 comments
- LOG4J2-3211 - Remove Messge Lookups by rgoers · Pull Request #623 · apache/logging-log4j2 · GitHub https://github.com/apache/logging-log4j2/pull/623 0 comments
- How to Automatically Mitigate Log4Shell via a Live Patch (CVE-2021-44228 + CVE-2021-45046) | LunaTrace https://www.lunasec.io/docs/blog/log4shell-live-patch/ 0 comments
- GitHub - christophetd/log4shell-vulnerable-app: Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228). https://github.com/christophetd/log4shell-vulnerable-app 0 comments
- CVE-2021-44228 - Log4j 2 Vulnerability Analysis - Randori Attack Team https://www.randori.com/blog/cve-2021-44228/ 0 comments
- Cas van Cooten on Twitter: "A story in three parts 😶 #log4j https://t.co/XMl02BcaJY" / Twitter https://twitter.com/chvancooten/status/1469340927923826691 0 comments
Would you like to stay up to date with Java? Checkout Java
Weekly.
Related searches:
Search whole site: site:www.lunasec.io
Search title: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaTrace
See how to search.