On Dec 10 2021 log4j vulnerability was published at https://nvd.nist.gov/vuln/detail/CVE-2021-44228 this allow attackers to remote access servers via http request.
Any Java application that uses logging with log4j 2.1x to 2.14.x have this problem, in order to solve this you can do the following options:
Upgrade to log4j 2.15 which solves the problem
Add the following JVM arguments to your startup
-Dlog4j2.formatMsgNoLookups=true
There are other options on other places to solve, you can find this at https://www.govcert.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/
Comments