BestHub
search
Sign in
Tag

JNDI injection

1 views collected around this technical thread.

Laravel Tech Community
Laravel Tech Community
Dec 13, 2021 · Information Security

Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps

On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.

JNDI injectionMitigationRemote Code Execution
0 likes · 5 min read
Apache Log4j2 Remote Code Execution Vulnerability: Description, Impact, and Mitigation Steps
macrozheng
macrozheng
Dec 12, 2021 · Information Security

Unpacking the Log4j2 Log4Shell Vulnerability: How JNDI Injection Works

This article breaks down the widely publicized Log4j2 (Log4Shell) flaw, explaining the underlying JNDI and LDAP lookup mechanisms, how malicious payloads are executed through log messages, the massive impact across Java ecosystems, and the steps needed to remediate the issue.

JNDI injectionJava securityRemote Code Execution
0 likes · 10 min read
Unpacking the Log4j2 Log4Shell Vulnerability: How JNDI Injection Works