Join the community today
Register Now

Security Countless Servers Are Vulnerable to Apache Log4j Zero-Day Exploit (Log4Shell)

Discussion in 'System Administration' started by Revenge, Dec 11, 2021.

  1. Jimmy

    Jimmy Premium Member Premium Member

    1,761
    381
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +967
    Local Time:
    4:33 AM
    1.17.x
    MariaDB 10.3.x
    Yup.

     
  2. eva2000

    eva2000 Administrator Staff Member

    49,561
    11,375
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,678
    Local Time:
    7:33 PM
    Nginx 1.21.x
    MariaDB 10.x
  3. Jimmy

    Jimmy Premium Member Premium Member

    1,761
    381
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +967
    Local Time:
    4:33 AM
    1.17.x
    MariaDB 10.3.x
  4. eva2000

    eva2000 Administrator Staff Member

    49,561
    11,375
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,678
    Local Time:
    7:33 PM
    Nginx 1.21.x
    MariaDB 10.x
    Another log4j vulnerability was discovered (CVE-2021-44832) so v2.17.0 is not longer secure. Folks need to update to log4j v2.17.1 so Elasticsearch search may need another update?

    https://logging.apache.org/log4j/2.x/

    https://nvd.nist.gov/vuln/detail/CVE-2021-44832

     
  5. Jimmy

    Jimmy Premium Member Premium Member

    1,761
    381
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +967
    Local Time:
    4:33 AM
    1.17.x
    MariaDB 10.3.x
    The Neverending Story III

    p18926_p_v10_ab.jpg
     
    Last edited: Jan 1, 2022
  6. Jimmy

    Jimmy Premium Member Premium Member

    1,761
    381
    83
    Oct 24, 2015
    East Coast USA
    Ratings:
    +967
    Local Time:
    4:33 AM
    1.17.x
    MariaDB 10.3.x
    I just read yesterday that there is still huge problems.... holes... etc. [see image above]
     
  7. eva2000

    eva2000 Administrator Staff Member

    49,561
    11,375
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,678
    Local Time:
    7:33 PM
    Nginx 1.21.x
    MariaDB 10.x
    In log4j itself or in 3rd party software that embed older log4j related vulnerable versions?