Impela usuvele ufunde okuthile noma ubone okuthile ezinkundleni zokuxhumana. Ilogi4j Akuwona ubungozi ngokwako, kodwa yigama lomtapo wolwazi ovulekile owakhiwe ku-Java (liphinde labhalwa ngezinye izilimi ezifana noRuby, C, C ++, Python, njll.) yi-Apache Software Foundation. . Siyabonga ngakho, abathuthukisi be-software bangakwazi ukusebenzisa imilayezo yefayela lokungena ngesikhathi sokusebenza ngamaleveli ahlukahlukene okubaluleka.
La ubungozi I-CVE-2021-44228 esanda kukhishwa ithinta i-Apache Log4j 2.x. Ukuba sengozini kubizwe nge-Log4Shell noma i-LogJam, futhi kwatholwa ngoDisemba 9 unjiniyela we-cybersecurity ozibiza ngokuthi. p0rz9 inethiwekhi. Lo ngoti uphinde washicilela a okugciniwe ku-Github mayelana nale mbobo yokuphepha.
Lokhu kuba sengozini kwe-Log4j kuvumela ukusebenzisa ukuqinisekiswa kokufaka okungalungile ku-LDAP, okuvumela ukukhishwa kwekhodi kude (RCE), kanye nokufaka engozini iseva (ukugcinwa kuyimfihlo, ubuqotho bedatha nokutholakala kwesistimu). Ngaphezu kwalokho, inkinga noma ukubaluleka kwalokhu kuba sengcupheni kulele enanini lezinhlelo zokusebenza namaseva ayisebenzisayo, okuhlanganisa isofthiwe yebhizinisi nezinsizakalo zamafu ezifana ne-Apple iCloud, iSteam, noma imidlalo yevidiyo edumile efana ne-Minecraft: Java Edition, Twitter, Cloudflare, I-Tencent, i-ElasticSearch, i-Redis, i-Elastic Logstash, nende njll.
Kunikezwe ukusebenza kalula kanye nezinhlelo ezibucayi eziyisebenzisayo, izigebengu ze-inthanethi eziningi kungenzeka ziyisebenzise ukusabalalisa i-ransomware yazo. Ngenkathi abanye bezama ukuqhamuka nezixazululo, njengoFlorian Roth we-Nextron Systems, owabelane ngezinye Imithetho ye-YARA ukuthola imizamo yokusebenzisa ubungozi be-Log4j.
I-Apache Foundation iphinde yashesha ukuyilungisa, yakhipha isiqeshana salokhu kuba sengozini. Ngakho-ke, ibalulekile Okubalulekile ukuthi ubuyekezele ku-Log4j inguqulo 2.15.0 manje., uma uneseva ethintekile noma uhlelo. Ukuze uthole ulwazi olwengeziwe mayelana nendlela yokwenza, ungavakashela lokhu isixhumanisi sokulanda kanye nolwazi ngayo.