body { -ms-overflow-style: scrollbar; overflow-y: scroll; overscroll-behavior-y: none; } .errorContainer { background-color: #FFF; color: #0F1419; max-width: 600px; margin: 0 auto; padding: 10%; font-family: Helvetica, sans-serif; font-size: 16px; } .errorButton { margin: 3em 0; } .errorButton a { background: #1DA1F2; border-radius: 2.5em; color: white; padding: 1em 2em; text-decoration: none; } .errorButton a:hover, .errorButton a:focus { background: rgb(26, 145, 218); } .errorFooter { color: #657786; font-size: 80%; line-height: 1.5; padding: 1em 0; } .errorFooter a, .errorFooter a:visited { color: #657786; text-decoration: none; padding-right: 1em; } .errorFooter a:hover, .errorFooter a:active { text-decoration: underline; } #placeholder, #react-root { display: none !important; } body { background-color: #FFF !important; }

JavaScript is not available.

We’ve detected that JavaScript is disabled in this browser. Please enable JavaScript or switch to a supported browser to continue using twitter.com. You can see a list of supported browsers in our Help Center.

Terms of Service Privacy Policy Cookie Policy Imprint Ads info © 2021 Twitter, Inc.

Don’t miss what’s happening

People on Twitter are the first to know.

Tweet

Conversation

Apache Log4j2 jndi RCE #apache #rce github.com/apache/logging

2:25 PM · Dec 9, 2021Twitter for Android

Replying to

1

2

thx

3

App Development

Replying to

Oof.

Replying to

umm.. yikes

1

5

Replying to

truly epic vuln! This one will be in play for months... years..?

1

15

for a day.

1

1

Show replies

Replying to

Is the version of log4j 1.x affected by this vulnerability?

2

1

5

Maybe no! But you can test using this article cnblogs.com/yyhuni/p/15088

6

Replying to

is sl4j over log4j also affected because of this ?

2

5

@lamhoan80902289

I am also curious about this

Replying to

users who are using java version > 8u191 are safe?

1

1

Bhushan Gaikwad

Really?

1

1

Show replies

Replying to

yikes

1

Bhushan Gaikwad

Replying to

How is this working

1

Der Halbe trägt eine Maske

@einfachnurmark

RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec

A non-security person's take on using CSPs in the real world.

1

8

Replying to

is java 11 affected?

1

1

This has NOTHING to do with the Java version, everything to do with the Log4j version

1

5

Show replies

Replying to

Is it not the same log forging bug that is known since many years? I have reported the bug with similar PoC for vulnerable logging functions for many many years. I wonder what makes this PoC different from traditional log forging RCE?

1

3

Replying to

Legend

2

Replying to

I guess one possible mitigation is to not allow your servers to access any random outside IP. Whitelist the IPs it needs to access.

1

2

Doesn't work so well in a cloudy world.

3

Replying to

ffs kids are going to kill themselves over Minecraft

4

Replying to

Only way is to block it on WAF for requests with strings jndi:ldap jndi:rmi jndi:ldaps jndi:dns

8

Replying to

1

Replying to

witnessed

1

Replying to

iblant(at)no

Replying to

sikander // 시서방

Replying to

legendary

Show more replies

New to Twitter?

Sign up now to get your own personalized timeline!

Sign up with Apple

Sign up with phone or email

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

Trending now

What’s happening

News

LIVE

G7外相会合が英リバプールで10〜12日に開催

Trending in Japan

BS12

3,596 Tweets

朝日新聞デジタル

1 hour ago

3年おきの離婚と再婚　渋谷でのケンカから10年、別姓かなわぬ国で

ねとらぼ調査隊

1 hour ago

40～50代の男性が選ぶ「部下にしたい俳優」ランキングTOP26！　「神木隆之介」さんを抑えた1位は？

Movies & TV · Trending

IGNITE

10.9K Tweets