Skip to main content Skip to search
Start Your Free Trial

What is the Log4j CVE?

November 11, 2022

Transcription

Hi, welcome to the term of the day: Log4j CVE

By sending fraudulent HTTPS requests to log an event, plus including a JNDI request in its header, an attacker might trick Log4j into querying the hacker’s own LDAP server, which could then respond with directory data containing a malicious Java object.

In this way, the Log4J exploit allows cyber criminals to launch remote code execution (RCE) attacks to obtain full access to the target computer.

The disclosure of the zero-day Log4j CVE sparked a dramatic response by cyber criminals.

Within days, an Iranian state-sponsored hacking group named Charming Kitten launched multiple Log4j exploit attacks against the Israeli government and businesses.

Learn more: https://www.a10networks.com/glossary/what-is-the-log4j-vulnerability-log4j-cve/

What is the Log4j CVE? | A10 Networks