Java log4j Logging Utility
Java is a heavily used programming language in the enterprise and web software world. The vast majority of the web is built on Java.
You probably have heard about about the log4j security vunerability that is sweeping the news. Given the fact the the web is mostly built on Java, nearly every large company and government agency is affected by this security bug.
log4j is a utility package consumed by nearly every single Java software and web application, that reduces the boilerplate and redundent code needed to log internal application activity.
The vunerability discovered in log4j involves the logging utility executing code that is contained in a log statement. A hacker can simply craft an interaction with your website that will log malicous code the hacker can use to gain control of the system hosting the website or web application.
As software engineers scramble to update and patch the log4j Java security exploit, hackers are working day and night to gain access to remote servers, and in most cases, install cryptocurrency mining software.
Why it Matters
Leveraging a vunerability in vunerability in log4j, a java logging utility, hackers can execute code on, and possibly hijack, your remote servers. This brings to light the fact that you should not be logging user input, this helps setup up our website or software application for code injection attacks.
The If you think you may be vulnerabile to potential log4j exploits, or otherwise have questions or feedback, please reach out to us and we will be happy to hear from you.