Search results
Log4Shell (CVE-2021-44228) is a zero-day vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution. [2] [3] The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021.
A zero-day vulnerability involving remote code execution in Log4j 2, given the descriptor "Log4Shell" (CVE-2021-44228), was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021. [12] Affected services include Cloudflare, iCloud, Minecraft: Java Edition, [42] Steam, Tencent QQ, and Twitter.
A fact from Log4Shell appeared on Wikipedia's Main Page in the Did you know column on 26 December 2021. The text of the entry was as follows: Did you know... that the software vulnerability Log4Shell affects hundreds of millions of devices worldwide? A record of the entry may be seen at Wikipedia:Recent additions/2021/December.
ZDNET reported in March 2022 that hackers utilized Log4Shell on some customers' VMware servers to install backdoors and for cryptocurrency mining. [47] In May 2022, Bleeping Computer reported that the Lazarus Group cybercrime group, which is possibly linked to North Korea, was actively using Log4Shell "to inject backdoors that fetch ...
November and December: On November 24, Chen Zhaojun of Alibaba's Cloud Security Team reported a zero-day vulnerability (later dubbed Log4Shell) involving the use of arbitrary code execution in the ubiquitous Java logging framework software Log4j.
In February 2024, a malicious backdoor was introduced to the Linux build of the xz utility within the liblzma library in versions 5.6.0 and 5.6.1 by an account using the name "Jia Tan".
All unrelated to log4shell and easy to mitigate. The whole reload4j project is obsolete and there is no need to introduce problems like classpath crashes using it. That said, I don't think it's worth mentioning it on the log4j wikipedia. Cy23 18:54, 19 February 2022 (UTC) Indeed, log4j 1.x was not affected by log4shell.