A version of Apache Log4j, a Java log output library, that fixes the zero-day remote code execution vulnerability 'CVE-2021-44228', commonly known as 'Log4Shell', will be released on December ...
Suppose you have an existing J2EE application with EJBs, RMI objects, JMS destinations and other objects bound into a JNDI registry. During the course of the project schedule, you need to make ...
In a blog post, the company said that CVE-2021-42392 should not be as widespread as Log4Shell, even though it is a critical issue with a similar root cause. JFrog explained that the Java Naming and ...
JNDI, the Java Naming and Directory Interface, allows applications to access various naming and directory services via a common interface. The figure below shows the JNDI architecture. Like JDBC (Java ...
The vulnerability affects not only Java-based applications and services that use the library directly, but also many other popular Java components and development frameworks that rely on it. Attackers ...