Servidores servidores

more Log4j

Log4j zero-day: How to protect yourself
Apache releases new 2.17.0 patch
Security firm discovers new attack vector
10 questions you need to be asking
Governments release Log4j advisory
So far, nearly half of corporate networks have been attacked
US: Hundreds of millions of devices at risk

A second vulnerability involving Apache Log4j was found on Tuesday after cybersecurity experts spent days attempting to patch or mitigate CVE-2021-44228.

The description of the new vulnerability, CVE 2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was "incomplete in certain non-default configurations."

"This could allow attackers... to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack," the CVE description says.

Apache has already released a patch, Log4j 2.16.0, for this issue. The CVE says Log4j 2.16.0 fixes the problem by removing support for message lookup patterns and disabling JNDI functionality by default. It notes that the issue can be mitigated in prior releases by removing the JndiLookup class from the classpath.

John Bambenek, principal threat hunter at Netenrich, toldZDNetthe solution is to disable JNDI functionality entirely (which is the default behavior in the latest version).

"At least a dozen groups are using these vulnerabilities so immediate action should be taken to either patch, remove JNDI, or take it out of the classpath (preferably all of the above)," Bambenek said.

The original flaw in Log4j, a Java library for logging error messages in applications, has dominated headlines since last week. Exploits started on December 1, according to Cloudflare, and an initial alert by CERT New Zealand sparked others by CISA and the UK's National Cyber Security Centre.

The Dutch National Cyber Security Center released a lengthy list of software that is affected by the vulnerability.

International security company ESET released a map showing where Log4j exploitation attempts have been made, with the highest volume occurring in the US, the UK, Turkey, Germany, and the Netherlands.

ESET

"The volume of our detections confirms it's a large-scale problem that won't go away anytime soon," Roman Kov

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

Servidores servidores

Noticias calientes

Six strategies for getting the most out of Wi-Fi 6E and 6 GHz

Comparing Cisco Catalyst 9300 Switch Models

Cisco Catalyst 9200 9200L Series Manual free PDF download

Quick Replacement Methods for Faulty Network Switches

2024 Revised Edition: How to Check Cisco Product Serial Numbers?

Cisco Catalyst 1300 Series Firmware: A Comprehensive Guide

What is the phone number for Cisco support?

What is Cisco WLAN controller?

What does a Cisco wireless controller do?

What is Active-Active Data Center?

What is Cisco Partner Program? How to join Cisco partner?

What does Cisco ASR do?

Huawei S6700: How to Configure the MTU Value of an Interface

Huawei Switch S6700 Configuring the Traffic Statistics Interval

Huawei NE router: forget console password, how to recover it

What is Cisco Catalyst 3650?

How about cisco 2960X?

Huawei CloudEngine switches split stacking

What is Cisco ISR?

What is the Cisco SD-WAN?

What is Cisco licenses?

What is Cisco Catalyst 3750?

Huawei S6700 Backup Configuration File to FTP Server or Client

Restoring Factory Settings on Huawei CloudEngine Series Switches

What is Catalyst 9500?

Difference between Huawei HC & HCS & HCSO

What is the difference between Catalyst 9200 and 9200L?

Is the Cisco 3850 a switch or a router?

HUAWEI Switches S6700 - Example: Configuring the Device as an SCP Client

What does the Cisco company do?

Second Log4j vulnerability discovered, patch already released

more Log4j

Etiquetas calientes: tecnología seguridad

Ordering Guide

Recursos recursos

Sobre nosotros

Cisco Price, Dell Price, Huawei Price, ZTE HPE Fortinet Switch Router Server At Low Price

Servidores servidores

Noticias calientes

Six strategies for getting the most out of Wi-Fi 6E and 6 GHz

Comparing Cisco Catalyst 9300 Switch Models

Cisco Catalyst 9200 9200L Series Manual free PDF download

Quick Replacement Methods for Faulty Network Switches

2024 Revised Edition: How to Check Cisco Product Serial Numbers?

Cisco Catalyst 1300 Series Firmware: A Comprehensive Guide

What is the phone number for Cisco support?

What is Cisco WLAN controller?

What does a Cisco wireless controller do?

What is Active-Active Data Center?

​What is Cisco Partner Program? How to join Cisco partner?

What does Cisco ASR do?

Huawei S6700: How to Configure the MTU Value of an Interface

Huawei Switch S6700 Configuring the Traffic Statistics Interval

Huawei NE router: forget console password, how to recover it

What is Cisco Catalyst 3650?

How about cisco 2960X?

Huawei CloudEngine switches split stacking

What is Cisco ISR?

What is the Cisco SD-WAN?

What is Cisco licenses?

What is Cisco Catalyst 3750?

Huawei S6700 Backup Configuration File to FTP Server or Client

Restoring Factory Settings on Huawei CloudEngine Series Switches

What is Catalyst 9500?

Difference between Huawei HC & HCS & HCSO

What is the difference between Catalyst 9200 and 9200L?

Is the Cisco 3850 a switch or a router?

HUAWEI Switches S6700 - Example: Configuring the Device as an SCP Client

​What does the Cisco company do?

Second Log4j vulnerability discovered, patch already released

more Log4j

Etiquetas calientes: tecnología seguridad

Ordering Guide

Recursos recursos

Sobre nosotros

What is Cisco Partner Program? How to join Cisco partner?

What does the Cisco company do?