Millions of Java Apps Remain At Risk to Log4Shell

Researchers have found that millions of Java applications are still vulnerable to compromise four months after the serious Log4Shell zero-day vulnerability was discovered.

Researchers at security firm Rezilion examined the current potential attack surface for the vulnerability in the popular open-source Apache Log4j framework, which threatened to crash the internet when it was disclosed in December.

The weakness in Apache Log4j, a popular Java logging library, is easily exploited and can result in unauthenticated remote code execution (RCE) and complete server takeover. A honeypot set up by the SANS Internet Storm Center is still logging dozens of Log4Shell exploitation attempts daily, experts stated.

Read More: https://threatpost.com/java-apps-vulnerable-log4shell/179397/