Apache Log4j vulnerability is a critical zero-day code execution vulnerability. On December 9, 2021, the Internet was set on fire when an exploit was posted publicly for Apache Log4J - a well-known logging utility in the Java programming language.
Apache Log4j vulnerability CVE-2021-44228 is a critical zero-day code execution vulnerability with a CVSS base score of 10. This weakness poses a significant risk to many applications and cloud services and it needs to be patched right away!
The Apache Software Foundation has published a new version 2.4.52 of the Apache HTTP Server to fix two vulnerabilities in one of the world's most popular web servers - one of which is rated as high, and the other as critical.
While all vulnerabilities listed by CISA are critical and should be prioritized for patching, five vendors stand out from the rest with the most number of CVEs associated with their products.
On October 4, 2021, Apache announced fixes for a couple of vulnerabilities, including a zero-day flaw that affects Apache HTTP Server version 2.4.49โa widely used open-source, cross-platform web server for Unix and Windows.