At dawn a sharp alarm reveals a malicious C2 connection in the Linux empire, prompting a frantic hunt through hidden processes, missing logs, and a secret traffic‑analysis system that uncovers a Log4Shell JNDI exploit launched via port 36560, ultimately exposing mis‑configured ElasticSearch and prompting emergency patches.
This article explains the purpose of Java's parent‑delegation class‑loading mechanism, describes its three built‑in loaders, shows how custom loaders can override it, and explores common situations—such as JNDI, JDBC, Tomcat, and OSGi—where developers intentionally break the delegation for flexibility and modularity.
The article explains the Log4j2 remote code execution flaw caused by unsafe JNDI lookups, outlines its widespread impact on Java applications and major Chinese tech firms, and provides concrete emergency mitigation steps such as JVM parameter changes, firewall rules, and upgrading to version 2.17.0.
The article explains how JNDI works as a configuration and naming service in Java, shows its use with database drivers, and demonstrates how its SPI mechanism can be abused to load remote code, leading to serious security exploits such as the Log4j vulnerability.
This article examines the Log4j2 critical vulnerability, explains why merely having log4j‑api does not guarantee exposure, demonstrates step‑by‑step reproduction in a Spring Boot project, analyzes the JNDI injection mechanism, and outlines temporary mitigations and official fixes.
Apache Log4j 2.16.0 has been released, offering updated SLF4J adapters, disabling JNDI by default to mitigate CVE‑2021‑44228, removing message lookups, and requiring Java 8+, with detailed upgrade instructions and links to download and issue trackers.
This article explains the fundamentals of Java Naming and Directory Interface (JNDI), its architecture and typical usage, then walks through a step‑by‑step RMI implementation and demonstrates how JNDI can be abused to craft a Log4j2 remote code execution attack, complete with full code samples and mitigation advice.
This article analyzes three Fastjson deserialization exploit chains—JdbcRowSetImpl, TemplatesImpl, and BasicDataSource—detailing how crafted JSON payloads trigger JNDI lookups, load remote malicious bytecode, and ultimately achieve remote code execution without requiring special Fastjson features.
This article explains why creating a database connection for each request is inefficient, introduces the concept and configuration of connection pools, provides a custom Java DataSource implementation, and demonstrates the use of popular open‑source pools such as DBCP, C3P0, and Tomcat JNDI with complete code examples.
