As of 10 December, three critical vulnerabilities were reported in Apache’s Log4j component.
Log4j is a Java library used to write log files. It is estimated that more than 35,000 applications use Log4j and are therefore vulnerable.
To date, three vulnerabilities in this library have been reported:
- CVE-2021-44228, which allows a remote attacker to take control of a device connected to the Internet and execute arbitrary code.
- CVE-2021-45046, a second vulnerability that allows a remote attacker to take control of vulnerable devices.
- CVE-2021-45105, which allows an attacker to cause a denial of service in which all system resources are used up. This vulnerability has been classified as “High Risk”.
Pyxsoft users can rest assured knowing that the Pyxsoft WAF actively shields them from this and other potential vulnerabilities.