What is the Log4j CVE?

November 11, 2022

Transcription

Hi, welcome to the term of the day: Log4j CVE

By sending fraudulent HTTPS requests to log an event, plus including a JNDI request in its header, an attacker might trick Log4j into querying the hacker’s own LDAP server, which could then respond with directory data containing a malicious Java object.

In this way, the Log4J exploit allows cyber criminals to launch remote code execution (RCE) attacks to obtain full access to the target computer.

The disclosure of the zero-day Log4j CVE sparked a dramatic response by cyber criminals.

Within days, an Iranian state-sponsored hacking group named Charming Kitten launched multiple Log4j exploit attacks against the Israeli government and businesses.

Learn more: https://www.a10networks.com/glossary/what-is-the-log4j-vulnerability-log4j-cve/

DDoS Attackers Uncovered: Understanding the DDoS Landscape

Start Your 30‑Day Free Trial

Getting to Ubiquity: The Urban and Rural Digital Divide

Product Support Overview

Find the Next Step in Your Career at A10 Networks

What is the Log4j CVE?

Transcription

DDoS Attackers Uncovered: Understanding the DDoS Landscape

Start Your 30‑Day Free Trial

Getting to Ubiquity: The Urban and Rural Digital Divide

Product Support Overview

Find the Next Step in Your Career at A10 Networks

What is the Log4j CVE?

Transcription

Up Next:

DDoS Protection for Cololocation, Data Center and Hosting Providers

The Rise of the IoT Botnet

REPORT: Read A10's DDoS attack report