Jump to content
Forum²

PSA: Potential security vulnerability in Elasticsearch and more via Apache Log4j (Log4Shell)


Recommended Posts

Guest XenForo
Posted

It has come to our attention today that a vulnerability has been discovered in popular Java logging library Log4j 2 which may allow attackers to arbitrarily execute code (remote code execution).

 

Apache Log4j 2 is bundled with and used in many Java applications including Elasticsearch.

 

XenForo itself is not directly exploitable, and we are currently investigating whether XenForo Enhanced Search can be used as a vector at all, but this is potentially significant enough that an abundance of...

 

Read more

 

Continue reading...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...