
Security Flash: Technical Deep Dive on Log4Shell

Log4Shell Zero-Day Exploit

 

 

On Dec. 9, 2021, a zero-day exploit (since dubbed “Log4Shell”) was observed in the wild targeting a critical remote code execution (RCE) vulnerability in Log4j, the ubiquitous open-source logging tool. (Per NIST, in affected versions, JNDI features used in configuration, log messages, and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints.) Numerous platforms appear to have been affected, including Apple, Cloudflare, and Twitter, in addition to the raft of popular Java ecosystem products with Log4j embedded in their software supply chains, such as Logstash, Apache Kafka, Elasticsearch, and even Minecraft. Listen to this 15-Minute Security Flash with Casey to learn more about this zero-day vulnerability.

 
