LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

log4Shell Vulnerability: "Worst Hack in History"

Apache log4jVulnerabilities don’t get much worse than cases where typing the right characters into a chat box gives you remote access to the world’s Minecraft servers.  Whoops.

It’s been termed the worst hack in history, primarily by those seeking cheap clicks, but still…it’s not good.  The CVE is rated a 10.0.

The vulnerability will “haunt the Internet for years” (according to some).  The reason is that it’s not a front-line or top-stack component but rather something that’s bolted-on as needed at various places in the Java ecosystem.  The problem is identifying where it’s in use – your own code, vendor products, open source dependencies, etc.

Interestingly, this may give a boost to those demanding a “software bill of materials”.  You can’t buy a piece of industrial equipment without being told all the hazardous materials involved, etc., so why not receive a similar safety list when buying software?

Patches for this vulnerability are already available.  The typical LowEndBox reader is less likely to be running a lot of Java…but it does show up in places like Minecraft and also most enterprisey software.  Just update already.


No Comments

    Leave a Reply

    Some notes on commenting on LowEndBox:

    • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
    • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
    • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

    Your email address will not be published. Required fields are marked *