Welcome to a special edition drawn from the meta thread on /r/blueteamsec - https://www.reddit.com/r/blueteamsec/comments/rd38z9/log4j_0day_being_exploited/

The thread continues to be updated on Reddit, below are the salient points as of 7:30 UTC on Sunday December 12th.

Hope it helps and have a lovely weekend.

Ollie

Headlines

Log4j2 open source logging framework for Java is subject to a vulnerability which means untrusted input can result via LDAP, RMI and other JNDI endpoints in the loading and executing of arbitrary code from an untrusted source.

This vulnerability was disclosed last week with active knowledge and exploitation following very quickly thereafter.

Wide spread exploitation and scanning is currently occurring by a range of actors including researchers, nation states, coin miners and other criminal enterprises as well as bug bounty participants.

Details

The below are the details of the vulnerability specifically:

• https://logging.apache.org/log4j/2.x/security.html

• https://issues.ap…