Chokwadi iwe wakatoverenga chimwe chinhu kana kuona chimwe chinhu pasocial network. log4j Iko hakusi kusagadzikana pachayo, asi izita reraibhurari yakavhurwa sosi yakagadziridzwa muJava (rakanyorwawo mune mimwe mitauro seRuby, C, C ++, Python, nezvimwewo) neApache Software Foundation. . Kutenda kwazviri, vanogadzira software vanogona kushandisa transaction log meseji panguva yekumhanya pamatanho akasiyana ekukosha.
La ngozi CVE-2021-44228 iyo ichangobva kuburitswa inobata Apache Log4j 2.x. Kusagadzikana uku kwadaidzwa kuti Log4Shell kana LogJam, uye yakawanikwa muna Zvita 9 nainjiniya wecybersecurity anozvidaidza kuti. p0rz9 networking. Nyanzvi iyi yakaburitsawo a repository paGithub nezve gomba iri rekuchengetedza.
Kusagadzikana uku kweLog4j kunobvumira kushandisa zvisirizvo kuisirwa kweiyo LDAP, zvichibvumira. kurekodha kuuraya (RCE), uye kukanganisa sevha (kuvanzika, kutendeseka kwedata uye kuwanikwa kwehurongwa). Pamusoro pezvo, dambudziko kana kukosha kwekusagadzikana uku kuri muhuwandu hwezvishandiso uye maseva anoishandisa, kusanganisira bhizinesi software uye makore masevhisi akadai seApple iCloud, Steam, kana yakakurumbira mitambo yemavhidhiyo seMinecraft: Java Edition, Twitter, Cloudflare, Tencent, ElasticSearch, Redis, Elastic Logstash, uye yakareba etc.
Tichifunga iyo nyore kushanda uye masisitimu akakosha anoashandisa, mazhinji matsotsi anogona kuishandisa kuparadzira ransomware yavo. Nepo vamwe vachiedza kuuya nemhinduro, saFlorian Roth weNextron Systems, akagovana zvimwe YARA inotonga kuona kuedza kushandisa iyo Log4j kusagadzikana.
Apache Foundation yakakurumidzawo kuigadzirisa, ichiburitsa chigamba chekusagadzikana uku. Naizvozvo, zvinokosha Kukosha kuti iwe uvandudze kuLog4j vhezheni 2.15.0 izvozvi., kana uine server yakakanganisika kana system. Kuti uwane rumwe ruzivo rwekuti ungazviita sei, unogona kushanyira iyi download link uye neruzivo pamusoro pazvo.