![]() The earlier fix, researchers said on late Tuesday, “was incomplete in certain non-default configurations” and made it possible for attackers to perform denial-of-service attacks, which typically make it easy to take vulnerable services completely offline until victims reboot their servers or take other actions. The researchers are urging organizations to install a new patch, released as version 2.16.0, as soon as possible to fix the vulnerability, which is tracked as CVE-2021-45046. Further Reading Zero-day in ubiquitous Log4j tool poses a grave threat to the InternetNow, researchers are reporting that there are at least two vulnerabilities in the patch, released as Log4J 2.15.0, and that attackers are actively exploiting one or both of them against real-world targets who have already applied the update.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |