What is Log4j Vulnerability?
Whether you are a tech geek or simply like to keep abreast of recent developments in the IT world, you are going to love this short article on the Log4j vulnerability. It is now a hot and trending topic in mainstream media. For example, the Economic Times has already covered the news and asked others to be aware of its dangers.
Do you need to worry about it? What is it? What impact has it made so far? To answer all such questions, you need to check whether you are using the "log4j" code. Java is open-source, and most of our mainstream apps rely on logging. According to a study by Snyk, around 60% of users are indirectly using log4j (log for Java). So are you vulnerable? Yes, you are!
To keep your data safe, you have to be aware of it and of how your systems can be affected.
Well! What is log4j?
In basic terms, every online application developed on open source, i.e., Java, uses many pieces of data such as usernames, user IDs, locations, and others. Logging helps these applications categorize that data properly so that it can be fetched.
Log4j Vulnerability
Before getting into this, you have to understand a few terms:
Vulnerability
As we know, Java never disallows any open source code. In a way, you can say that if I want to run my great-grandfather's code on Java, it will work without any hassle if the resources are provided.
So, if an evil hacker inputs some code as explained in the images, then, as per that code, Java will run it, and the malicious object will run on the app. After that, the hacker gets RCE (remote code execution) and can run any code they want on the app.
Now you have realized how vulnerable you can be. This vulnerability is commonly called Log4Shell or LogJam, and is tracked as CVE-2021-44228.
A Few Facts about Log4j Vulnerabilities
The Log4Shell flaw was first introduced in 2013, and approximately a decade later, the vulnerability was discovered by cybersecurity researchers. Therefore, no one had any idea about its exploitation.
Remediation
The most important part: how to secure your data from the Log4j vulnerability.
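One way to answer the question raised at the start of this article, whether you are using log4j directly or indirectly, is to inventory the log4j-core copies inside your deployed archives, including JARs bundled inside other JARs. The following is an added example, not code from the original article or from the Log4j project; the function names, the `BOOT-INF/lib` sample layout and the `0.0.0-sample` version are constructed for illustration.

```python
import io
import zipfile
from pathlib import Path

# Maven metadata (records the version) and a class shipped in log4j-core
# (finds shaded copies that lack the metadata).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def scan_archive(data, label, depth=0, max_depth=5):
    """Return [(location, version or None)] for archive bytes, nested included."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            if POM in names or MARKER in names:
                props = zf.read(POM).decode("utf-8", "replace") if POM in names else ""
                version = next((ln.split("=", 1)[1].strip() for ln in props.splitlines()
                                if ln.startswith("version=")), None)
                findings.append((label, version))
            if depth < max_depth:  # bound recursion into archives within archives
                for name in names:
                    if name.lower().endswith(ARCHIVES):
                        findings += scan_archive(zf.read(name), f"{label}!/{name}",
                                                 depth + 1, max_depth)
    except zipfile.BadZipFile:
        pass  # unreadable or not an archive: keep whatever was found so far
    return findings

def scan_tree(root):
    """Scan every archive file under a directory tree."""
    return [hit for p in sorted(Path(root).rglob("*"))
            if p.is_file() and p.suffix.lower() in ARCHIVES
            for hit in scan_archive(p.read_bytes(), str(p))]

def make_zip(entries):
    """Build an in-memory archive from {name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in entries.items():
            zf.writestr(name, body)
    return buf.getvalue()

def demo():
    """Constructed fat JAR: one bundled copy, one shaded copy, one unrelated JAR."""
    libs = {"log4j-core.jar": {POM: b"version=0.0.0-sample\n", MARKER: b""},
            "shaded.jar": {MARKER: b""}, "other.jar": {"a/B.class": b""}}
    app = make_zip({f"BOOT-INF/lib/{n}": make_zip(e) for n, e in libs.items()})
    return scan_archive(app, "app.jar")
```

Run `scan_tree` against an application or deployment directory and compare each reported version with the vendor advisory for CVE-2021-44228. A version of `None` means a copy was found without its Maven metadata, so it needs a manual check.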