The Log4j Vulnerability Update
Researchers have discovered a major vulnerability in the Apache logging library Log4j that could allow attackers to remotely execute malicious code on servers and devices.
The flaw, known as Log4Shell, is exposing some of the world's most popular applications and services to attack.
It can be exploited by sending specially crafted requests over TCP or UDP protocols using port 514 via network connections such as VPNs or Wi-Fi hotspots.
Hackers could exploit this vulnerability to take control of vulnerable systems without requiring authentication credentials or any other form of interaction with users on affected systems. This is a so-called “zero-day” attack, because developers have had zero days since disclosure to patch their software.
None of the websites, apps, or software CodeBru actively manages is threatened. We have reviewed the list of Apache software that is at risk, and none of it has been used by our team for development.
If you think your website, app, or custom software could be in danger, let us know. We can do an audit and help make the necessary updates.