news item | 2021-12-11 | 20:02
A serious vulnerability has been found in Apache Log4j. This is the software that is widely used in web applications and all kinds of other systems. The NCSC warns of potentially significant damage and advises that you install Apache-provided updates as soon as possible. We see active scanning behavior in the Netherlands and expect the vulnerability that has since been called Log4shell to be abused in the short term. The National Center for Sports Security is closely monitoring the situation; Keep an eye on the site for more information and updates. If you are not sure if Apache Log4j is used within your organization, please check with your software vendor.
The vulnerability allows attackers to abuse the rights of remote web servers, with the potential for significant collateral damage. For this vulnerability, NCSC has an extension High / high security tips Released: The potential for short-term abuse and potential harm is high.
over there Possibilities To discover abuse by searching the registry. Cybersecurity firm Northwave has a file a tool Made available to check if your server is vulnerable. The NCSC indicates a disclaimer in the accompanying text.
Apache Log4j is widely used by organizations large and small at home and abroad. The way this vulnerability can be exploited is now known to the public. Given the high level of interest in this vulnerability, the National Security Examinations Center (NCSC) expects that the ways in which it can be exploited will be further developed in the near future. So it is very important to install updates quickly.
