• A new vulnerability named Log4Shell is being touted as one of the worst cybersecurity flaws to have been discovered. The vulnerability is based on an open-source logging library used in most applications by enterprises and even government agencies.
• The term open source refers to something people can modify and share because its design is publicly accessible.
• Log4j is an important Java-logging framework that is open-source software maintained by a group of volunteer programmers.
• The Log4j library is incorporated in every Java-based online service or application and is used by a variety of businesses to provide application logging. Java is one of the world’s most popular programming languages.
• The vulnerability grants hackers access to an application, and could potentially let them run malicious software on a device or servers.
• The vulnerability is dubbed Log4Shell and is officially CVE-2021-44228 (CVE number is the unique number given to each vulnerability discovered across the world).
• The problem impacts Log4j 2 versions which is a very common logging library used by applications across the world. Logging lets developers see all the activity of an application. Tech companies such as Apple, Microsoft, Google all rely on this open-source library.
• The vulnerability is serious because exploiting it could allow hackers to control java-based web servers and launch what are called ‘remote code execution’ (RCE) attacks. In simple words, the vulnerability could allow a hacker to take control of a system.
• The process of storing application events is known as application logging. It differs from conventional event logs in IT systems in that the information gathered by an application event log is mandated by the programme itself, rather than the operating system. They aid in providing visibility into how our apps perform on each of the infrastructure components. Out of memory exceptions and hard drive errors are examples of log data.
Mains Paper 3: Science and Tech
Prelims level: Log4j
Mains level: Security threats