IT Security: Log4j made simple(ish)

What is the log4j issue?

Apache Log4j is a java application embedded in many systems and software distributions. It is used to process log files. It can embedded quite deep so you have to hunt for it. It has been found to run an attacker’s code at will on the host system. This code can be pulled in from an external system by using the “JNDI” functions included in Log4j. In short, an attacker can embed a short string into a web request and if this request gets logged and gets processed by Log4j it will run . . .

This content is restricted to subscribers