Researchers have found that millions of Java applications are still vulnerable to compromise four months after the serious zero-day Log4Shell flaw was discovered.
Researchers at security firm Rezilion examined the current potential attack surface for the vulnerability in the popular open-source Apache Log4j framework, which threatened to crash the internet when it was disclosed in December.
The weakness in Apache Log4j, a popular Java logging library, is easily exploited and can result in unauthenticated remote code execution (RCE) and complete server takeover. A honeypot set up by the SANS Internet Storm Center is still logging dozens of Log4Shell exploitation attempts every day, experts said.
Read More: https://threatpost.com/java-apps-vulnerable-log4shell/179397/