Test driving the Log4Shell vulnerability with various versions of Java and observing the network egress connections
Log4Shell in a nutshell
- An attacker can perform completely unauthenticated remote code execution against a publicly exposed service.
- If a JVM-based service (Java, Scala, etc.) is using the log4j logging library (very popular), the service is vulnerable.
- A patched version of the log4j library, version 2.15.0, that fixes this issue was released on 06 Dec 2021.
- log4j 2.16.0 was released on 13 Dec at 22:28 with the following note: