The outbreak of Log4j2 vulnerability has caused an uproar all over the world, with a wide range of influence and great harm second to none. The event is a typical supply chain event caused by open source software. The vulnerability of upstream software affects the products of downstream industries. The...
Ano: 2021
3 Steps to Mitigate the Log4j2 Vulnerabilities Using NSFOCUS WAF
On December 9, NSFOCUS monitored the disclosure of the Apache Log4j2 remote code execution vulnerability (CVE-2021-44228) on the Internet. Apache Log4j2 is an open source Java logging framework, which is widely used in middleware, development frameworks and web applications to record log information. The vulnerability PoC has been made public...
ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021
Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and workaround. On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary...
Microsoft December Security Updates for Multiple High-Risk Product Vulnerabilities
Overview On December 15th, NSFOCUS CERT monitored that Microsoft released the December security update patch, which fixed 67 security issues, involving widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, and Microsoft PowerShell, including privilege escalation, remote Types of high-risk vulnerabilities such as code execution. Among the vulnerabilities...
ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert
Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by sending a specially constructed data request packet. The vulnerability PoC has been...
Cutting-Edge Technologies Empowering Security and Compliance of User Privacy Data
Compliance has seen radical changes in the requirements and driving force of data security and a broader category of data objects under data security protection. Application scenarios covered by data security will become more diversified, and data security requirements will cover all phases of the data lifecycle. In order to...
