We got another Log4j critical issue here.
Regards J,
*Windham Wong*
OSWE, OSCP, GCIA, Specialist in Cybersecurity
Co-Founder, Managing Partner of
*Stormeye.io, Hong Kong Managed Security Operation Center Limited*
Specialist in Cybersecurity, Log Management and SIEM System
<https://www.stormeye.io>
Email // [email protected]
Phone // +852_3590_2212_|_+852_9832_0707
Fax // +852_3590_2202
-------- Forwarded Message --------
Subject: [oss-security] CVE-2022-23307: Apache Log4j 1.x: A
deserialization flaw in the Chainsaw component of Log4j 1 can lead to
malicious code execution.
Date: Tue, 18 Jan 2022 14:42:56 +0000
From: Ralph Goers <[email protected]>
Reply-To: [email protected]
To: [email protected]
Severity: Critical
Description:
CVE-2020-9493 identified a deserialization issue that was present in
Apache Chainsaw. Prior to Chainsaw V2.0 Chainsaw was a component of
Apache Log4j 1.2.x where the same issue exists.
Mitigation:
Upgrade to Apache Log4j 2 and Apache Chainsaw 2.1.0.
Credit:
@kingkk
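
A check to run before planning the upgrade the advisory calls for, added here as an example and not part of the advisory or of any Apache tooling: it lists archives, including jars nested inside WAR/EAR files, that still bundle the Chainsaw classes. It assumes the classes sit under the `org/apache/log4j/chainsaw/` package path used by Log4j 1.2.x jars; the file names in the sample are constructed.

```python
import io
import os
import zipfile

# Assumption: Log4j 1.2.x jars ship the Chainsaw classes under this package path.
CHAINSAW_PREFIX = "org/apache/log4j/chainsaw/"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def find_chainsaw(data, label, max_depth=4):
    """Return labels of archives (nested ones such as WEB-INF/lib/*.jar included)
    that contain Chainsaw classes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # corrupt or not an archive: nothing to report
    hits = []
    with archive:
        names = archive.namelist()
        if any(n.startswith(CHAINSAW_PREFIX) and n.endswith(".class") for n in names):
            hits.append(label)
        for n in names:
            if max_depth > 0 and n.lower().endswith(ARCHIVE_SUFFIXES):
                hits += find_chainsaw(archive.read(n), f"{label}!/{n}", max_depth - 1)
    return hits


def scan_tree(root):
    """Scan every archive found on disk below root."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(ARCHIVE_SUFFIXES):
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    hits += find_chainsaw(fh.read(), path)
    return hits


def constructed_sample():
    """Constructed WAR: one legacy jar holding a Chainsaw class, one jar without."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in entries.items():
                zf.writestr(name, content)
        return buf.getvalue()
    legacy = make_zip({CHAINSAW_PREFIX + "Main.class": b"", "org/apache/log4j/Logger.class": b""})
    clean = make_zip({"org/example/App.class": b""})
    return make_zip({"WEB-INF/lib/log4j-1.2.x.jar": legacy, "WEB-INF/lib/app.jar": clean})
```

Call `scan_tree()` on an application or deployment directory; each returned label gives the path to the archive, with `!/` separating nested archive levels.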