Join the community today
Become a Member

Security Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit (Log4Shell)

Discussion in 'System Administration' started by Revenge, Dec 11, 2021.

  1. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    10:27 PM
    Yup.

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:27 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  3. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    10:27 PM
  4. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:27 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Another log4j vulnerability was discovered (CVE-2021-44832) so v2.17.0 is not longer secure. Folks need to update to log4j v2.17.1 so Elasticsearch search may need another update?

    https://logging.apache.org/log4j/2.x/

    https://nvd.nist.gov/vuln/detail/CVE-2021-44832

     
  5. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    10:27 PM
    The Neverending Story III

    p18926_p_v10_ab.jpg
     
    Last edited: Jan 1, 2022
  6. Jimmy

    Jimmy Well-Known Member

    1,788
    390
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +990
    Local Time:
    10:27 PM
    I just read yesterday that there is still huge problems.... holes... etc. [see image above]
     
  7. eva2000

    eva2000 Administrator Staff Member

    54,098
    12,177
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,735
    Local Time:
    1:27 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    In log4j itself or in 3rd party software that embed older log4j related vulnerable versions?