{"id":1425,"date":"2023-02-15T13:19:42","date_gmt":"2023-02-15T18:19:42","guid":{"rendered":"https:\/\/testing.sqalogic.com\/?p=1425"},"modified":"2023-10-25T09:30:23","modified_gmt":"2023-10-25T14:30:23","slug":"vulnerabilite-zero-day-appache-log4j","status":"publish","type":"post","link":"https:\/\/sqalogic.com\/en\/vulnerabilite-zero-day-appache-log4j\/","title":{"rendered":"Zero Day Vulnerability in the Apache log4j"},"content":{"rendered":"

As of early December 2021,\u00a0a critical zero day vulnerability<\/a>\u00a0in the\u00a0Apache log4j utility<\/strong>\u00a0was published.\u00a0log4shell<\/a>allows arbitrary code execution on affected systems, many of which include servers that are part of the internet\u2019s larger infrastructure and core services.<\/p>\n

For our customers concerned about the\u00a0log4j vulnerability<\/strong>, we understand that the security of your ecosystem is crucial to your success, and that the mission critical roles of those devices mean that any threat is a business critical one. However, with many organizations already in the planning, remediation and\/or monitoring phases, we believe that with the proper strategy, along with the right resources, remediation is quickly attainable.<\/p>\n

The\u00a0log4shell<\/strong>\u00a0exploit leverages a vulnerability in the Java Naming and Directory Interface (JNDI) to perform remote lookups. If an application relies on web servers that are vulnerable to log4shell,\u00a0log4shell<\/strong>, that application is running on, as the exploitation would occur on the server side (not client).<\/p>\n

While it would require significant effort to create an application that uses\u00a0log4j vulnerability\u00a0<\/strong>you should still practice due diligence and check in with your internal development team and software vendors about their response to log4shell.\u00a0log4shell<\/strong>If you are experiencing difficulties in contacting your software vendor\u2019s representative, SQALogic can assist our customers in retrieving any information associated with their quality assurance, performance, and general testing software tools.<\/p>\n

Here are some of our partners\u2019 remediation recommendations, along with some well-known software industry vendors:<\/strong><\/p>\n