https://arstechnica.com/information-...-is-it-really/
A Java logging framework allows you to run remote code. It's been there for years, and people have only just woken up to how much of a security hole it is.
If the application you are using writes the text you have entered to a log file using log4j, then you can inject code to be executed by log4j.
This could cause havoc because it's in widely used Apache software on all platforms.