Apache Log4j Remote Code Execution Vulnerability
RISK: Medium Risk
TYPE: Web services - Web Servers
A vulnerability has been identified in Apache Log4j. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
Only the log4j-core JAR file is impacted by this vulnerability. Applications using only the log4j-api JAR file without the log4j-core JAR file are not impacted by this vulnerability.
- Remote Code Execution
System / Technologies affected
- Apache Log4j versions from 2.0-alpha7 to 2.17.0, excluding 2.3.2 and 2.12.4
Before installation of the software, please visit the vendor web-site for more details.
- Java 8 (or later) users should upgrade to release 2.17.1
- Java 7 users should upgrade to release 2.12.4
- Java 6 users should upgrade to release 2.3.2