Log4j: Popular Java-Based Log Utility

Log4j is a Java-based logging utility written by Ceki Gulcu. It is part of Apache Logging Services and is one of the Java logging frameworks.

What Is Log4j?

Log4j is a logging library created by the Apache Software Foundation. The flaw in it allows hackers to execute commands on a system. The main fault is that it lets hackers access the targeted computer system. It is a weakness that affects a widely used library from Apache, which is also known for its widely used web server.

Apache Log4j Security Vulnerability

The vulnerability became known on 9 December, but it is said to have surfaced from 1 December. It was first highlighted by Chen Zhaojun of the Alibaba Cloud Server team. The CVE number is CVE-2021-44228.

The problem with the Log4j 3 version is that it is a common logging library used across the world. Developers use it to keep a close watch on application logging. Big companies rely on it for logging.

The open source Apache Log4j library has over 400,000 downloads, according to a cybersecurity report from Check Point.

It should be taken seriously because hackers can gain full access to the device and do anything with your valuable data. Hackers can take control of Java-based web servers and launch an RCE, that is, a 'remote code execution' attack.

 


Framework

Log4j is fast, easy to use and very flexible. It is written in Java and distributed under the Apache Software License. It is a very popular logging package for Java, and it has been ported to other languages such as C, C++, C#, Perl, Python, Ruby and Eiffel.

Why Log4j Made You Worried?

The Log4j vulnerability is said to be one of the worst cyber security flaws ever discovered, and it puts the whole internet at risk. Why this is said and what has been discovered are discussed here.

The flaw sits in one of the most common open source libraries, which is used by most organizations, including government enterprises and agencies.

According to reports on the vulnerability, the Log4j flaw is already being used by hackers. It gives them access to the device and lets them run any function on the device or server without authorization.

Statement Of Tech Companies On Log4j

Among the most affected tech companies, Microsoft, which also owns Minecraft, was the first to catch this vulnerability and also took the initiative in issuing a statement. According to that statement, the game version was at great risk, and the company had to take steps to secure the server and the game.

Google said in its statement that it is currently investigating the vulnerability with respect to Google Cloud services and that it keeps updating customers on the matter through its customer communications.

NetApp, which provides data management cloud solutions, also issued a statement. It said that the Log4j flaw can lead to the disclosure of valuable and important information, and can also allow data to be added or modified or cause a denial of service (DoS).

Cisco also said that its services and products are at risk and that it is investigating for any other flaws. The very popular Cisco Webex Meetings Server is also affected.

Cloudflare, another tech company, put out a statement asking its users to update their versions and apply the updated software patches.

Another enterprise, VMware, said in its statement that it too has been exploited through the Log4j vulnerability.

Apple has not issued any statement regarding the Log4j exploit to date.
