Log4j for Dummies: How to Determine if Your Server (or Docker Container) Is Affected by the Log4Shell Vulnerability

Approximately a week ago (December 9th, 2021), a 0-day exploit was announced affecting the ubiquitous Java logging library, log4j. This vulnerability (CVE-2021-44228) allows an attacker to pass a request to a server such that the log4j (the logging library/module) parses it and ends up downloading a malicious payload from a remote server. That malicious payload can then be used to carry out further attacks.

This is a companion discussion topic for the original entry at https://engineerworkshop.com/blog/log4j-determine-server-affected-log4shell-vulnerability/
1 Like