Log4J - CVE 2021-44228 (Log4Shell) - Exploitation & Mitigation

Uploaded By: Myvideo

Published on

19 Dec 2021

1 view

0

0 votes

0

About Share Download Add to

In this video, I demonstrate the process of exploiting the Log4J vulnerability, also known as Log4Shell as well as explore the process of mitigating the vulnerability on Apache Solr. //WHAT IS LOG4J? Apache Log4j is one of the most widely utilized, open-source Java-based logging utilities. It is used by various Apache solutions like Apache Tomcat, Apache Solr, and Apache Druid to name a few. //WHAT IS LOG4SHELL? On November 30th, 2021, the Apache log4j development team was made aware of a vulnerability in Log4j that could allow the injection of malicious input that could consequently facilitate remote code execution. On December 9th, 2021, the Infosec community was made aware of this finding and the far-reaching impacts of the vulnerability. The vulnerability could potentially allow attackers to take control of any system running Log4j by logging a certain string. The vulnerability, now assigned as CVE-2021–44228 has a severity score of 10 (CRITICAL) and has been dubbed “Log4Shell”. //LINKS THM Room: h

Share with your friends

Link:

Embed:

<iframe width="640" height="360" src="//myvideo.cc/embed/UGZOZWRqeGF0cFFzZTl5LzRhMC9rblh5dU81NVZvQm8xVHp4ZUJtdndTYz0" frameborder="0" webkitallowfullscreen mozallowfullscreen allowfullscreen></iframe>

Video Size:

Custom size:

x

Autoplay video

Hide player controls

Hide resume playing

Add to Playlist:

Favorites

My Playlist

Watch Later

BUSTING some packaging format MYTHS! App verification, sandbox, package maintainers...

6 months ago

00:16:31

BUSTING some packaging format MYTHS! App verification, sandbox, package maintainers...

1 88%

ГорбенкоТех - Экстренный выпуск. Обновление для курса Установка и изучение SAP в облачных сервисах

8 months ago

00:04:40

ГорбенкоТех - Экстренный выпуск. Обновление для курса Установка и изучение SAP в облачных сервисах

1 78%

Keep Your Dependencies in Check Marit van Dijk GOTO 2023

11 months ago

00:37:31

Keep Your Dependencies in Check Marit van Dijk GOTO 2023

1 37%

Log4shell - угрожает Minecraft или УЯЗВИМОСТЬ НУЛЕВОГО ДНЯ

1 year ago

00:12:52

Log4shell - угрожает Minecraft или УЯЗВИМОСТЬ НУЛЕВОГО ДНЯ

1 76%

Телеграм бот на Java. Создаем проект, интегрируемся с телегой. Урок 1.

1 year ago

00:18:54

Телеграм бот на Java. Создаем проект, интегрируемся с телегой. Урок 1.

1 77%

Инструменты логгирования для платформы Java

1 year ago

01:07:35

Инструменты логгирования для платформы Java

12 37%

Набор на приватный сервер Friends Shield Бесплатный Ванилльный Minecraft

1 year ago

00:01:33

Набор на приватный сервер Friends Shield Бесплатный Ванилльный Minecraft

1 74%

Уязвимость Log4j | Эта Команда в Чате ЛОМАЕТ СЕРВЕРА MINECRAFT

2 years ago

00:11:14

Уязвимость Log4j | Эта Команда в Чате ЛОМАЕТ СЕРВЕРА MINECRAFT

1 74%

DI, DI-контеинеры, аспектно-ориентированное программирование в Python vs Java. Чистый код, 11 глава

2 years ago

00:29:38

DI, DI-контеинеры, аспектно-ориентированное программирование в Python vs Java. Чистый код, 11 глава

4 66%

Triaging Real Time Security Threats with eBPF Powered Observability Daniel Kim GOTO 2022

2 years ago

00:13:09

Triaging Real Time Security Threats with eBPF Powered Observability Daniel Kim GOTO 2022

1 72%

Live Hacking: Breaking into Your Web App Brian Vermeer GOTO 2022

2 years ago

00:41:14

Live Hacking: Breaking into Your Web App Brian Vermeer GOTO 2022

1 40%

Самая Страшная неделя в истории Minecraft Уязвимость Log4Shell FitMc на русском

3 years ago

00:09:49

Самая Страшная неделя в истории Minecraft Уязвимость Log4Shell FitMc на русском

1 48%

Could I Hack into Google Cloud

3 years ago

00:24:55

Could I Hack into Google Cloud

1 25%

Проблемы с Open Source. Глобальная сеть третьей версии

3 years ago

00:51:08

Проблемы с Open Source. Глобальная сеть третьей версии

2 93%

Crazy JSP Web Shell to Exploit Tomcat - Real World CTF 2022

3 years ago

00:21:49

Crazy JSP Web Shell to Exploit Tomcat - Real World CTF 2022

1 9%

Главные IT-Новости 2021 года часть 1 | Влад Тен | Андрей Кузьмин (Леха Медь) | Прожектор Робапайка

3 years ago

00:54:29

Главные IT-Новости 2021 года часть 1 | Влад Тен | Андрей Кузьмин (Леха Медь) | Прожектор Робапайка

3 40%

Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

3 years ago

00:20:19

Fuzzing Java to Find Log4j Vulnerability - CVE-2021-45046

1 57%

НЕ ИГРАЙТЕ СЕЙЧАС В МАЙНКРАФТ!

3 years ago

00:04:09

НЕ ИГРАЙТЕ СЕЙЧАС В МАЙНКРАФТ!

1 58%

Detect Vulnerable Log4J Websites with CanaryTokens | HakByte

3 years ago

00:13:37

Detect Vulnerable Log4J Websites with CanaryTokens | HakByte

2 24%

Why, HDMI Why

3 years ago

00:06:05

Why, HDMI Why

10 86%

DuckDuckGo's Desktop Browser is Almost Here - Surveillance Report 68

3 years ago

00:23:11

DuckDuckGo's Desktop Browser is Almost Here - Surveillance Report 68

1 93%

Log4j Log4Shell RCE explained (CVE-2021-44228)

3 years ago

00:08:09

Log4j Log4Shell RCE explained (CVE-2021-44228)

3 20%

Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2

3 years ago

00:16:07

Log4j Lookups in Depth // Log4Shell CVE-2021-44228 - Part 2

1 28%

Log4J & JNDI Exploit: Why So Bad - Computerphile

3 years ago

00:26:31

Log4J & JNDI Exploit: Why So Bad - Computerphile

1 65%

0 Comments

Guest