Actualités

l'Informaticien

Log4j 2, la faille de la décennie

La bibliothèque de journalisation Apache log4j est trouée. Et c’est une faille critique qui a été découverte. Pire encore un exploit a été publié. Or Log4j est massivement utilisée : on la trouve ...
ZDNet

Apache releases new 2.17.0 patch for Log4j to solve denial of service vulnerability

Apache said version 2.16 "does not always protect from infinite recursion in lookup evaluation" and explained that it is vulnerable to CVE-2021-45105, a denial of service vulnerability. They said the ...
ZDNet

Security warning: New zero-day in the Log4j Java library is already being exploited

A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers. Tracked as ...