Apache Log4j 2 CVE-2021-44228
The vulnerable versions of Log4j 2 are versions 2.0 to version 2.14.1 inclusive. The first fixed version is 2.15.0. We strongly encourage you to update to the latest version if you can. If you are using a version before 2.0, you are also not vulnerable.
https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
The vulnerable versions of Log4j 2 are versions 2.0 to version 2.14.1 inclusive. The first fixed version is 2.15.0. We strongly encourage you to update to the latest version if you can. If you are using a version before 2.0, you are also not vulnerable.
https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
Docker
Apache Log4j 2 CVE-2021-44228 | Docker
Learn from Docker experts to simplify and advance your app development and management with Docker. Stay up to date on Docker events and new version
Forwarded from SHELL SHOCK
Udemy
Curso completo de Flask de cero a experto
Forwarded from SHELL SHOCK
Udemy
XSS Survival Guide
Digging up the dark corners of XSS
The Story of an RCE on a Java Web Application
It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them for a while. This post is about a vulnerability I’ve found in this company that led to RCE.
https://infosecwriteups.com/the-story-of-a-rce-on-a-java-web-application-2e400cddcd1e
It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them for a while. This post is about a vulnerability I’ve found in this company that led to RCE.
https://infosecwriteups.com/the-story-of-a-rce-on-a-java-web-application-2e400cddcd1e
Medium
The Story of an RCE on a Java Web Application
It was about two months ago (November 2021) I was invited to a private program. According to their program scope, I decided to hack them…
Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package
On Thursday, December 9th, a 0-day exploit in the popular Java logging library log4j (version 2)
was discovered that results in Remote Code Execution (RCE), by logging a certain string.
Given how ubiquitous this library is, the impact of the exploit (full server control),
and how easy it is to exploit, the impact of this vulnerability is quite severe.
We're calling it "Log4Shell" for short.
The 0-day was tweeted along with a POC posted on GitHub. It has now been published as CVE-2021-44228.
https://www.lunasec.io/docs/blog/log4j-zero-day/Forwarded from Cyber Threat Intelligence
BleepingComputer
Ukrainian military agencies, state-owned banks hit by DDoS attacks
The Ministry of Defense and the Armed Forces of Ukraine and two of the country's state-owned banks, Privatbank (Ukraine's largest bank) and Oschadbank (the State Savings Bank), are being hammered by Distributed Denial-of-Service (DDoS) attacks.