Understanding Log4Shell: vulnerability, attacks and mitigations
Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, that allows arbitrary code execution and the leaking of environment variables. The vulnerability was publicly disclosed last week and took the Java world by storm because of how widely Log4j is deployed.
But what is the Log4Shell vulnerability? How does it work? What types of attacks are possible and which mitigations exist?
Watch this video for answers! Java champions Roy van Rijn and Bert Jan Schrijver dive into the vulnerability together: they explain its origin, look at its inner workings and show a live demo of exploiting and then fixing a vulnerable Spring Boot application. They also discuss what actions to take when you find out your application is (potentially) vulnerable, and are ready to answer any remaining questions you have.