On December 10, 2021, a critical remote code execution (RCE) vulnerability in Apache’s widely used Log4j Java library (CVE-2021-44228) sent shockwaves across the online world. Also known as Log4Shell, this zero-day vulnerability has impacted huge portions of the internet and web applications because of Log4j’s widespread use. Successful exploitation of Log4Shell can allow a remote, unauthenticated attacker to take full control of a target system.
To help organizations address this vulnerability and offer mitigation guidance, the Rapid7 team is coming together to discuss:
- Details on how this vulnerability works and what kind of system it impacts
- The ways this vulnerability can be and is being exploited in the wild and why it’s such a critical situation
- What organizations can expect in the coming days and weeks, and possible long-term impacts
- Mitigation and detection guidance, including actionable next steps organizations can take
- Recommended resources to learn more and stay on top of updates