SaaS News Hubb

Log4J Vulnerability: Security Flaw and Solution

by admin
May 6, 2022


Log4j is a logging framework for Java. Basically, those of us in development and security try to do good by logging things in applications. This helps developers with troubleshooting and helps security analysts find anomalies in those logs. Let’s say you’re developing some application and want to do good, but don’t really want to write all the code to generate those logs. That’s where Log4j comes into play. It’s a free open-source framework, which enables you to easily wrap it into your project and save a ton of time. 

Log4j is utilized by millions of third-party enterprise applications, cloud services, and manufacturers, including IoT devices. It’s literally on Mars. The Mars 2020 drone, Ingenuity, is logging data with Log4j. 

Unfortunately, a bug in this library allows for a vulnerability we’re calling Log4Shell. This allows an attacker to send a message to a vulnerable application, giving them the potential to execute malicious code. 

Three factors make this a perfect storm: the vulnerability is so widespread, it's difficult to pinpoint all the places it exists, and it's extremely easy to exploit. All an attacker needs to do is prepare a malicious file, place it on a server they control and send some modified text to a field that's being logged by the application server. 

Once the server logs this string, Log4j will retrieve and execute the malicious code from the attacker’s server. The potential for an attacker to then control the application and move elsewhere within an organization’s network is very real. 

Does this mean every software using Log4j is vulnerable to this exploit?

Not at all! The caveat is that your application would need to be logging the field that an attacker could send that modified text to. Think of it like this: Let’s say you have a Java application which allows your users to log in with an account. Do you want to log all the attempted usernames? Probably! But that’s also a great example of a field the attacker could use to submit that modified code instead of a username.
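
To find out which of your logged fields fall into that category, you can audit the code for log calls that include request data. The following is an added example, not code from the original article or from the Log4j project: a heuristic Python scan over Java source, where the sample handler, the variable names and the function `find_logged_user_input` are all constructed for illustration.

```python
import re

# Constructed sample: a login handler like the one described above.
SAMPLE_JAVA = '''\
String username = request.getParameter("username");
String agent = request.getHeader("User-Agent");
int attempts = counter.get();
logger.info("Login attempt for user: " + username);
logger.debug("Attempt number {}", attempts);
logger.warn("Client agent {}", agent);
logger.info("Service started");
'''

# Servlet request accessors that return client-supplied text.
REQUEST_READ = r'request\.get(?:Parameter|Header)\s*\('
SOURCE = re.compile(r'(\w+)\s*=\s*' + REQUEST_READ)
# Logging calls at the usual Log4j levels; group 2 is the argument list.
LOG_CALL = re.compile(
    r'\b(?:log|logger)\.(trace|debug|info|warn|error|fatal)\s*\((.*)\)\s*;',
    re.IGNORECASE)
STRING_LITERAL = re.compile(r'"(?:\\.|[^"\\])*"')

def find_logged_user_input(java_source):
    """Return (line_no, level, variable) for each log call that includes a
    variable assigned from request.getParameter()/getHeader().
    Heuristic only: one file, line-based, no data flow through methods."""
    tainted = set()
    findings = []
    for line_no, line in enumerate(java_source.splitlines(), start=1):
        source = SOURCE.search(line)
        if source:
            tainted.add(source.group(1))
        call = LOG_CALL.search(line)
        if not call:
            continue
        level = call.group(1)
        # Drop string literals so words inside messages are not read as variables.
        args = STRING_LITERAL.sub('""', call.group(2))
        for name in sorted(set(re.findall(r'[A-Za-z_]\w*', args)) & tainted):
            findings.append((line_no, level, name))
        # Request data passed straight into the log call.
        if re.search(REQUEST_READ, args):
            findings.append((line_no, level, "request"))
    return findings

if __name__ == "__main__":
    for line_no, level, name in find_logged_user_input(SAMPLE_JAVA):
        print(f"line {line_no}: logger.{level}() logs client-supplied '{name}'")
```

Each finding is a place where client-supplied text reaches the logger, which makes it a good starting list for deciding what to patch and review first.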


