A newly discovered zero-day vulnerability in the widely used Java logging library Apache Log4j is easy to exploit and enables attackers to gain full control of affected servers.

The maintainers of the Java Log4j project had only three sponsors, despite the software being a crucial part of large companies' commercial products and enterprise applications.

It could take years for applications using vulnerable version of Java log4j library to be patched, says expert Howard Solomon December 11, 2021 Image by Aquir via GettyImages.ca ...