log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228

ID: b017bd5c-d436-58b5-b392-4c1b4f6143d8

STIX ID: report--b017bd5c-d436-58b5-b392-4c1b4f6143d8

Feed Name: Fox-IT blog

Threat Score: 90/100

Date Published: 2021-12-14

Date Updated: 2026-04-27

Author: Joost Jansen

This post analyzes the Log4Shell (CVE-2021-44228) vulnerability in Apache Log4j, describes how JNDI-based format string expansion enables remote class loading and RCE across many Java applications, critiques the available fixes, and offers a Java agent (log4j-jndi-be-gone) as a practical mitigation (-javaagent:log4j-jndi-be-gone-1.0.0-standalone.jar).
