Log4Shell

GPTKB entity

Statements (39)
Predicate Object
gptkbp:instanceOf computer security vulnerability
gptkbp:affects gptkb:Apache_Log4j
millions of servers worldwide
gptkbp:allows remote code execution
gptkbp:alsoKnownAs gptkb:CVE-2021-44228
gptkbp:category gptkb:security
remote code execution vulnerability
zero-day exploit
gptkbp:discoveredBy gptkb:Alibaba_Cloud_Security_Team
gptkb:Chen_Zhaojun
gptkbp:discoveredIn 2021
gptkbp:exploits true
gptkbp:hasSeverity critical
gptkbp:hasVersion gptkb:Log4j_2.0-beta9_to_2.14.1
https://www.w3.org/2000/01/rdf-schema#label Log4Shell
gptkbp:impact ransomware attacks
data breach
system compromise
Java applications using Log4j 2.x
malware installation
gptkbp:mitigatedBy disable JNDI lookups
update Log4j to 2.15.0 or later
gptkbp:notableEvent widespread exploitation in December 2021
gptkbp:patchedBy gptkb:Log4j_2.15.0
gptkbp:prompted emergency patching efforts
global security advisories
software supply chain reviews
gptkbp:publicDisclosure 2021-12-09
gptkbp:receivedAttentionFrom gptkb:National_Cyber_Security_Centre_(UK)
gptkb:US_Cybersecurity_and_Infrastructure_Security_Agency_(CISA)
security researchers worldwide
gptkbp:requires user input containing malicious JNDI lookup
gptkbp:usedIn botnets
cryptojacking
worm attacks
gptkbp:vectorFor JNDI lookup feature
gptkbp:vulnerableTo gptkb:CVE-2021-44228
gptkbp:bfsParent gptkb:Log4j
gptkbp:bfsLayer 6