Australian Cyber Security Centre
Background /What has happened?
A remote code execution vulnerability has been identified in Apache Log4j2 library, one of the most widely used Java-based logging utilities globally, via a security blog post.
Proof-of-concept code to exploit this vulnerability is publicly available on GitHub.
Due to widespread use in popular frameworks a large number of third-party apps may also be vulnerable to exploits.
The ACSC is aware of scanning in attempts to locate vulnerable servers.
Mitigation / How do I stay secure?
Australian organisations who utilise Apache Log4j2 versions prior to 2.15.0 should review their patch level and update to the latest available version.
Assistance / Where can I go for help?
/Public Release. This material from the originating organization/author(s) might be of the point-in-time nature, and edited for clarity, style and length. Mirage.News does not take institutional positions or sides, and all views, positions, and conclusions expressed herein are solely those of the author(s).View in full here.
