image credit: unsplash
Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found.
Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Struts framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover.
Comments are closed.
