Log4j: the vulnerability everyone is talking about


You have surely already read or seen something about it on social media. Log4j is not a vulnerability in itself, but the name of an open-source library developed in Java (it has also been written in other languages such as Ruby, C, C++, Python, etc.) by the Apache Software Foundation. Thanks to it, software developers can record transaction log messages at runtime at different levels of importance.

The recently published vulnerability CVE-2021-44228 affects Apache Log4j 2.x. The vulnerability is known as Log4Shell or LogJam, and it was discovered on December 9 by a cybersecurity engineer who goes by p0rz9 on social networks. This expert also published a repository on GitHub about this security hole.

This Log4j vulnerability allows improperly validated input to LDAP to be exploited, enabling remote code execution (RCE) and compromise of the server (confidentiality of the system, integrity of the data and availability of the system). In addition, the seriousness of this vulnerability lies in the number of applications and servers that use the library, including business software and cloud services such as Apple iCloud, Steam, or popular video games such as Minecraft: Java Edition, Twitter, Cloudflare, Tencent, ElasticSearch, Redis, Elastic Logstash, etc.

Given how easy it is to exploit and how important the systems that use it are, many cybercriminals may be taking advantage of it to spread ransomware. Others, meanwhile, are trying to provide solutions, such as Florian Roth of Nextron Systems, who has shared some YARA rules to detect attempts to exploit the Log4j vulnerability.

The Apache Foundation was also quick to fix it, releasing a patch for this vulnerability. It is therefore very important that you update to Log4j version 2.15.0 now if you have affected servers or systems. For more information on how to do so, you can visit this link for the download and information about it.
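To find which systems still need that update, the following added example (not code from this article or from the Apache project) scans Java archives, including jars bundled inside fat jars and WARs, for copies of log4j-core 2.x older than 2.15.0. It assumes the jar still carries its standard Maven `pom.properties` metadata; the function names and the nested-entry size limit are choices made for this example.

```python
import io
import re
import sys
import zipfile

FIXED = (2, 15, 0)  # version the article says to update to
# Maven metadata file shipped inside log4j-core jars
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")
MAX_NESTED = 200 * 1024 * 1024  # skip oversized nested entries (assumed limit)


def parse_version(text):
    """Return (major, minor, patch) from a pom.properties body, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def scan_archive(data, label, depth=0):
    """Yield (location, version, needs_update) for every log4j-core 2.x copy,
    descending into jars bundled inside other archives (fat jars, WARs)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for info in zf.infolist():
            if info.filename == POM:
                ver = parse_version(zf.read(info).decode("utf-8", "replace"))
                if ver and ver[0] == 2:
                    yield label, ver, ver < FIXED
            elif (info.filename.lower().endswith(ARCHIVES) and depth < 4
                  and info.file_size <= MAX_NESTED):
                yield from scan_archive(zf.read(info), f"{label}!{info.filename}", depth + 1)


def make_sample(version=None, nested=None):
    """Build a constructed sample archive in memory (not a real log4j jar)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        for name, blob in (nested or {}).items():
            zf.writestr(name, blob)
    return buf.getvalue()


if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for loc, ver, old in scan_archive(fh.read(), path):
                print(loc, ".".join(map(str, ver)), "UPDATE" if old else "ok")
```

A jar whose Maven metadata has been stripped or repackaged will not be reported, so an empty result is inconclusive rather than proof that the library is absent.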

