Log4Shell-like security hole found in popular Java SQL database engine H2 - "It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in th... https://nakedsecurity.sophos.com/2022/01/07/log4shell-like-security-hole-found-in-popular-java-sql-database-engine-h2/ #cve-2021-42392 #vulnerability #log4j #java #jndi #sql #h2
Written very spitefully, and therefore probably quite accurate too...
"Commentary on Log4j: It works as specified"
https://www.heise.de/meinung/Kommentar-zu-log4j-Es-funktioniert-wie-spezifiziert-6294476.html
#Log4Shell #log4j #java #jndi #Heise
Helps fuzz various protocols and waits for pingbacks. Integrates #LDAP server and #JNDI payload
A 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution (RCE) by logging a certain string.
* the impact of the exploit (full server control)
* JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are safe
* 2.0 <= Apache log4j <= 2.14.1 are in trouble
#log4j2 #java #day2 #p0rz9 #apache #rce #jndi #update
https://www.lunasec.io/docs/blog/log4j-zero-day/