a 0-day exploit in the popular Java logging library log4j was discovered that results in Remote Code Execution (RCE) by logging a certain string.
* the impact of the exploit (full server control)
* JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are safe
* 2.0 <= Apache log4j <= 2.14.1 are in trouble

#log4j2 #java #day2 #p0rz9 #apache #rce #jndi #update
https://www.lunasec.io/docs/blog/log4j-zero-day/