Ngokuqinisekileyo sele ufunde into okanye ubone into kwiintanethi zentlalo. Ilog4j Ayingomngcipheko ngokwawo, kodwa ligama lethala leencwadi elivulekileyo eliphuhliswe kwiJava (likwabhaliwe nangezinye iilwimi ezinje ngoRuby, C, C ++, Python, njl.njl.) yiApache Software Foundation. . Enkosi kuyo, abaphuhlisi besoftware banokusebenzisa imiyalezo yelog yentengiselwano ngexesha lokusebenza kumanqanaba ahlukeneyo okubaluleka.
La Umngcipheko I-CVE-2021-44228 esanda kukhutshwa ichaphazela i-Apache Log4j 2.x. Ubuthathaka bubizwa ngokuba yi-Log4Shell okanye i-LogJam, kwaye yafunyanwa nge-9 kaDisemba yinjineli ye-cybersecurity ezibiza ngokuba p0rz9 uthungelwano. Le ngcaphephe iphinde yapapasha a Indawo yokugcina kwiGithub malunga nalo mngxuma wokhuseleko.
Oku buthathaka kwe-Log4j kuvumela ukusebenzisa uqinisekiso lwegalelo olungachanekanga kwi-LDAP, luvumela ukwenziwa kwekhowudi ekude (RCE), kunye nokunciphisa umncedisi (ukugcinwa kwemfihlo, ukunyaniseka kwedatha kunye nokufumaneka kwenkqubo). Ukongeza, ingxaki okanye ukubaluleka kobu sesichengeni kulele kwinani lezicelo kunye neeseva ezizisebenzisayo, kubandakanya isoftware yeshishini kunye neenkonzo zelifu ezinje ngeApple iCloud, iSteam, okanye imidlalo yevidiyo edumileyo efana neMinecraft: Ushicilelo lweJava, iTwitter, Cloudflare, I-Tencent, i-ElasticSearch, iRedis, i-Elastic Logstash, kunye nexesha elide njl.
Xa ndinonikwa i lula ukusebenza kunye neenkqubo ezibalulekileyo eziyisebenzisayo, abaninzi abaphuli-mthetho banokuthi baxhaphaze ukusasaza i-ransomware yabo. Ngelixa abanye bezama ukuza nezisombululo, njengoFlorian Roth we-Nextron Systems, oye wabelana nabanye Imithetho yeYARA ukubona iinzame zokuxhaphaza ubuthathaka be-Log4j.
I-Apache Foundation iye yakhawuleza ukuyilungisa, ikhupha isiqwenga sobu buthathaka. Ngoko ke, ibalulekile Ukubaluleka kokuba uhlaziye kwi-Log4j version 2.15.0 ngoku., ukuba unomncedisi ochaphazelekayo okanye inkqubo. Ngolwazi oluthe kratya malunga nendlela yokwenza, ungandwendwela oku download ikhonkco kunye nolwazi malunga nayo.