- Mark as New
- Follow
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report
Hi, for the all comunity memebers who work with on-premise solutions you can use the following code on your exposed servers (usualy tracking ones) to search the logs in order to see if attacks were tried:
Where posible upgrade you log4j 2 on latest 2.15.0 version
Nice way to see if you are exposed to this threat: Start netcat parallel to your app:
then type the following in the app where gets logged (ex. the query string of your search):
If you then see a lot of garbage emojies in the netcat console you are vulnerable!
Sorry about pictures above. Article just won't to accept any code even if code tags used.
Regards,
Milan