Press ESC to close

Log4j2

3 Articles

Demo: Apache Log4j2 Vulnerability | CVE-2021-45046 | CVE-2021-44228 | CVE-2021-45105 | Mitigation

Continue Reading
0
Abhijit Ghosh
8 min read Min Read
Now, most Java developers are busy mitigating Apache Log4j2 Vulnerability (CVE-2021-44228 and CVE-2021-45046). Applications are literally on fire. Here, I have created a sample project using Spring Boot and Log4j2 to demonstrate (Video Demo) the vulnerability and possible remediation. Please take a look in case if you are curious. What...
, Apache Log4j2 , Log4j2 Vulnerability , CVE-2021-4428 , Security Vulnerability , Spring Boot , Log4j2 , Log4jShell , Remote Code Execution , JNDI Lookup , LDAP Server , formatMsgNoLookups , JndiLookup class , trustUrlCodebase , mitre , Security Breach , Demo , CVE-2021-45046 , Log4j v2.16.0 , Log4j 2.12.2 , Log4j v2.15.0 , classic

Customize Logback Configuration for Log Optimization

Continue Reading
0
Abhijit Ghosh
3 min read Min Read
4,153,406 hits in single day! Sounds like a really big number for many of us. I was surprised when I noticed this in Production ELK for the first time. I didn't expect that many hits for an application with only 5 microservices. That too for a Beta application...
, Logging Framework , Logback , Optimization , SLF4J , Log4j , Log4j2 , Logstash , logstash-logback-encoder , ShortenedThrowableConverter , throwableConverter , rootCauseFirst , shortenedClassNameLength , logback.xml , classic

Log Forging by CRLF Injection

Continue Reading
0
Abhijit Ghosh
5 min read Min Read
Live feed forging formed the base of the Professor's "Paris Plan" to rescue Lisbon from police custody in Money Heist (Season 4). A smart attacker always makes or covers up his tracks by forging something. Cyber-attacks inflict loss of reputation and wealth worth millions....
, Log-Forging , Log-Injection , OWASP , CRLF-Encoding , Log4j2 , Logback , security-logging-logback , CRLFConverter , conversionRule , classic