Log4Shell





Log4Shell
Log4Shell (CVE-2021-44228) was a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on December 10th, 2021, the vulnerability circulated by the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to affect hundreds of millions of devices. The vulnerability takes advantage of Log4j allowing requests to arbitrary LDAP and JNDI servers, which lets attackers execute arbitrary Java code on a server or other computer, or leak sensitive information. A list of its affected software proje ...



Log4j
Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks. Gülcü has since created SLF4J, Reload4j, and Logback which are alternatives to Log4j. The Apache Log4j team developed Log4j 2 in response to the problems of Log4j 1.2, 1.3, java.util.logging and Logback, addressing issues which appeared in those frameworks. In addition, Log4j 2 offered a plugin architecture which makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions, although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2. On January 12th 2022, a forked and renamed log4j version 1.2 was released by Ceki Gülcü as Reload4j version 1.2.18.0 with ...


Alibaba Cloud
Alibaba Cloud, also known as Aliyun, is a cloud computing company, a subsidiary of Alibaba Group. Alibaba Cloud provides cloud computing services to online businesses and Alibaba's own e-commerce ecosystem. Its international operations are registered and headquartered in Singapore. Alibaba Cloud offers cloud services that are available on a pay-as-you-go basis, and include elastic compute, data storage, relational databases, big-data processing, anti-DDoS protection and content delivery networks (CDN). It is the largest cloud computing company in China, and in Asia Pacific according to Gartner. Alibaba Cloud operates data centers in 24 regions and 74 availability zones around the globe. As of June 2017, Alibaba Cloud is placed in the Visionaries' quadrant of Gartner's Magic Quadrant for cloud infrastructure as a service, worldwide.
History
* September 2009 – Alibaba Cloud is founded and R&D centers and operation centers are subsequently opened in Hangzhou, Beijing, a ...


Java Naming And Directory Interface
The Java Naming and Directory Interface (JNDI) is a Java API for a directory service that allows Java software clients to discover and look up data and resources (in the form of Java objects) via a name. Like all Java APIs that interface with host systems, JNDI is independent of the underlying implementation. Additionally, it specifies a service provider interface (SPI) that allows directory service implementations to be plugged into the framework. The information looked up via JNDI may be supplied by a server, a flat file, or a database; the choice is up to the implementation used. Typical uses of JNDI include:
* connecting a Java application to an external directory service (such as an address database or an LDAP server)
* allowing a Java Servlet to look up configuration information provided by the hosting web container
Background
The Java RMI and Java EE APIs use the JNDI API to look up objects in a network. The API provides:
* a mechanism to bind an object to a name
* a dire ...


Arbitrary Code Execution
In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in software or hardware allowing arbitrary code execution. A program that is designed to exploit such a vulnerability is called an arbitrary code execution exploit. The ability to trigger arbitrary code execution over a network (especially via a wide-area network such as the Internet) is often referred to as remote code execution (RCE).
Vulnerability types
There are a number of classes of vulnerability that can lead to an attacker's ability to execute arbitrary commands or code. For example:
* Memory safety vulnerabilities such as buffer overflows or over-reads.
* Deserialization vulnerabilities
* Type confusion vulnerabilities
* GNU LDD arbitrary code execution
Methods
Arbitrary code execution is commonly achieved through control over th ...




The Apache Software Foundation
The Apache Software Foundation (ASF) is an American nonprofit corporation (classified as a 501(c)(3) organization in the United States) to support a number of open source software projects. The ASF was formed from a group of developers of the Apache HTTP Server, and incorporated on March 25, 1999. As of 2021, it includes approximately 1000 members. The Apache Software Foundation is a decentralized open source community of developers. The software they produce is distributed under the terms of the Apache License and is a non-copyleft form of free and open-source software (FOSS). The Apache projects are characterized by a collaborative, consensus-based development process and an open and pragmatic software license, which is to say that it allows developers who receive the software freely, to re-distribute it under nonfree terms. Each project is managed by a self-selected team of technical experts who are active contributors to the project. The ASF is a meritocracy, implying tha ...


Tencent QQ
Tencent QQ, also known as QQ, is an instant messaging software service and web portal developed by the Chinese technology company Tencent. QQ offers services that provide online social games, music, shopping, microblogging, movies, and group and voice chat software. As of March 2022, there were 563.8 million monthly active QQ accounts.
History
Tencent QQ was first released in China in February 1999 under the name of OICQ ("Open ICQ", a reference to the early IM service ICQ). After the threat of a trademark infringement lawsuit by the AOL-owned ICQ, the product's name was changed to QQ (with "Q" and "QQ" used to imply "cute"). The software inherited existing functions from ICQ, and additional features such as software skins, people's images, and emoticons. QQ was first released as a "network paging" real-time communications service. Other features were later added, such as chatrooms, games, personal avatars (similar to "Meego" in MSN), online storage, and Internet dati ...


ArsTechnica
Ars Technica is a website covering news and opinions in technology, science, politics, and society, created by Ken Fisher and Jon Stokes in 1998. It publishes news, reviews, and guides on issues such as computer hardware and software, science, technology policy, and video games. Ars Technica was privately owned until May 2008, when it was sold to Condé Nast Digital, the online division of Condé Nast Publications. Condé Nast purchased the site, along with two others, for $25 million and added it to the company's Wired Digital group, which also includes Wired and, formerly, Reddit. The staff mostly works from home and has offices in Boston, Chicago, London, New York City, and San Francisco. The operations of Ars Technica are funded primarily by advertising, and it has offered a paid subscription service since 2001.
History
Ken Fisher, who serves as the website's current editor-in-chief, and Jon Stokes created Ars Technica in 1998. Its purpose was ...




Wiz (company)
Wiz is a cloud security startup headquartered in New York City. The company was founded in January 2020 by Assaf Rappaport, Yinon Costica, Roy Reznik, and Ami Luttwak, all of whom previously founded Adallom. Rappaport serves as CEO, Costica as VP of Product, Reznik as VP of Engineering, and Luttwak as CTO. The company's platform analyzes computing infrastructure hosted in AWS, Azure, GCP, OCI and Kubernetes for combinations of risk factors that could allow malicious actors to gain control of assets and/or exfiltrate valuable data. As of March 2022, Wiz employed over 200 individuals, with most sales and marketing personnel scattered across North America and Europe while most engineering personnel are based in Tel Aviv, Israel. In August 2022, Wiz claimed to be the fastest ever to scale from $1 million to $100 million in annual recurring revenue (ARR), from February 2021 to approximately July 2022, and stated it was "closing in on 500" employees.
Funding
Wiz has raised a tot ...



Ernst & Young
Ernst & Young Global Limited, trade name EY, is a multinational professional services partnership headquartered in London, England. EY is one of the largest professional services networks in the world. Along with Deloitte, KPMG and PricewaterhouseCoopers (PwC), it is considered one of the Big Four accounting firms. It primarily provides assurance (which includes financial audit), tax, consulting and advisory services to its clients. Like many of the larger accounting firms in recent years, EY has expanded into markets adjacent to accounting, including strategy, operations, HR, technology, and financial services consulting. EY operates as a network of member firms which are structured as separate legal entities in a partnership, which has 312,250 employees in over 700 offices in more than 150 countries around the world. The firm's current partnership was formed in 1989 by a merger of two accounting firms; Ernst & Whinney and Arthur Young & Co. It was named Ernst & Young until ...



Mojang Studios
Mojang Studios is a Swedish video game developer based in Stockholm. The studio is best known for developing the sandbox and survival game Minecraft, the best-selling video game of all time. Mojang Studios was founded by the independent video game designer Markus Persson in 2009 as Mojang Specifications for Minecraft's development. The studio inherited its name from another video game venture Persson had left two years prior. Following the game's initial release, Persson, in conjunction with Jakob Porsér, incorporated the business as Mojang AB in late 2010, and hired Carl Manneh as the company's chief executive officer. Other early hires included Daniel Kaplan and Jens Bergensten. Minecraft became highly successful, giving Mojang sustained growth. With a desire to move on from the game, Persson offered to sell his share in Mojang, and the company was acquired by Microsoft in November 2014. Persson, Porsér, and Manneh subsequently left Mojang, with Jonas Mårten ...