Several days have passed since the dramatic reveal of CVE-2021-44228 (aka Log4Shell), an easily exploitable (without authentication) RCE flaw in Apache Log4j, a popular open-source Java-based logging utility that’s seemingly used by most enterprise applications out there. The existence of the vulnerability and the public release of PoCs exploiting it have made this weekend a nightmare for those that are tasked with mitigating its fallout and keeping company systems and networks secure.
Read full article on Help Net Security