Log4j: Letting the JNDI out of the bottle

In the diagram above, an attacker wants to attempt to exploit a Java web application. This hypothetical Java web application uses Log4j2 to log HTTP requests. The version of Log4j2 that implements logging for this application is vulnerable to the JNDI lookup vulnerability, and it is running…

Source: securityboulevard.com – Read more