The leak in Log4j explained
As you may have heard from the press, a security issue was recently found in the widely used application named “Apache Log4j”. “Apache Log4j” is a supporting application mainly used by programs that use a web browser (Chrome, Edge, Internet Explorer…) as well as public websites.
What’s the problem?
The vulnerability in the open source tool Apache Log4j 2 makes it possible to remotely inject and execute arbitrary code with the permissions of the respective Java application. The vulnerability is labeled CVE-2021-44228 and is also known as Log4Shell.
What must be done to avoid security problems?
Apache, the software supplier that manages this (helper) application, has meanwhile released an update for the Log4j tool (v2.15.0). It is therefore of the utmost importance to install it, or have it installed, quickly.
Several other software vendors that use this Log4j technology have already released updates. So be sure to ask your (software) supplier(s) if this applies.
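To see where an update is still needed, the following added example (not code from K-Force or Apache) lists every Log4j 2 core library under a folder and flags versions older than the v2.15.0 release mentioned above. It assumes the library keeps its standard file name `log4j-core-<version>.jar`, so renamed or repackaged copies are not detected; the function names and the sample files are constructed for illustration.

```python
import os
import re
import tempfile
import zipfile

FIXED = (2, 15, 0)  # fixed release named on this page
# Assumption: the library keeps its standard file name log4j-core-<version>.jar
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")


def version_of(name):
    """Return (major, minor, patch) if name is a log4j-core jar, else None."""
    m = NAME_RE.search(name.replace("\\", "/"))
    return tuple(int(g or 0) for g in m.groups()) if m else None


def scan(root):
    """Yield (location, version, needs_update) for each log4j-core 2.x found."""
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(folder, fname)
            names = [path]
            # Bundled applications (WAR/EAR/fat JAR) carry the library inside.
            if fname.lower().endswith(ARCHIVES) and zipfile.is_zipfile(path):
                with zipfile.ZipFile(path) as zf:
                    names += [path + "!" + n for n in zf.namelist()]
            for name in names:
                ver = version_of(name)
                if ver and ver[0] == 2:
                    yield name, ver, ver < FIXED


def build_sample(root):
    """Constructed sample tree: one old jar, one fixed jar, one WAR bundling an old jar."""
    for jar in ("log4j-core-2.14.1.jar", "log4j-core-2.15.0.jar"):
        open(os.path.join(root, jar), "wb").close()
    with zipfile.ZipFile(os.path.join(root, "shop.war"), "w") as zf:
        zf.writestr("WEB-INF/lib/log4j-core-2.8.jar", b"")
        zf.writestr("WEB-INF/lib/log4j-api-2.8.jar", b"")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for loc, ver, old in sorted(scan(tmp)):
            print("UPDATE" if old else "ok    ", ".".join(map(str, ver)), loc)
```

Point `scan()` at an application or server folder instead of the sample tree; entries marked `UPDATE` inside a vendor's WAR or EAR file are the ones to raise with that supplier.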
At K-Force, we have already proactively checked our own programs and the websites of our customers with managed services. So far, no problems or risks have been identified here and according to the information we currently have, everything is properly secured.
Questions?
Of course you can always contact us for all your further questions regarding this subject. The quickest way to do this is by sending an e-mail with a clear question to info@k-force.be.