|
gptkbp:instanceOf
|
computer security vulnerability
|
|
gptkbp:affects
|
gptkb:Apache_Log4j
millions of servers worldwide
|
|
gptkbp:allows
|
remote code execution
|
|
gptkbp:alsoKnownAs
|
gptkb:CVE-2021-44228
|
|
gptkbp:category
|
gptkb:security
remote code execution vulnerability
zero-day exploit
|
|
gptkbp:discoveredBy
|
gptkb:Alibaba_Cloud_Security_Team
gptkb:Chen_Zhaojun
|
|
gptkbp:discoveredIn
|
2021
|
|
gptkbp:exploits
|
true
|
|
gptkbp:hasSeverity
|
critical
|
|
gptkbp:hasVersion
|
gptkb:Log4j_2.0-beta9_to_2.14.1
|
|
https://www.w3.org/2000/01/rdf-schema#label
|
Log4Shell
|
|
gptkbp:impact
|
ransomware attacks
data breach
system compromise
Java applications using Log4j 2.x
malware installation
|
|
gptkbp:mitigatedBy
|
disable JNDI lookups
update Log4j to 2.15.0 or later
|
|
gptkbp:notableEvent
|
widespread exploitation in December 2021
|
|
gptkbp:patchedBy
|
gptkb:Log4j_2.15.0
|
|
gptkbp:prompted
|
emergency patching efforts
global security advisories
software supply chain reviews
|
|
gptkbp:publicDisclosure
|
2021-12-09
|
|
gptkbp:receivedAttentionFrom
|
gptkb:National_Cyber_Security_Centre_(UK)
gptkb:US_Cybersecurity_and_Infrastructure_Security_Agency_(CISA)
security researchers worldwide
|
|
gptkbp:requires
|
user input containing malicious JNDI lookup
|
|
gptkbp:usedIn
|
botnets
cryptojacking
worm attacks
|
|
gptkbp:vectorFor
|
JNDI lookup feature
|
|
gptkbp:vulnerableTo
|
gptkb:CVE-2021-44228
|
|
gptkbp:bfsParent
|
gptkb:Log4j
|
|
gptkbp:bfsLayer
|
6
|