XenForo PSA: Potential security vulnerability in Elasticsearch and more via Apache Log4j (Log4Shell)

XenTR

Yönetici
XenTR Mod
Licenced
SMS Confirmed
Katılım
3 Şub 2019
Mesajlar
2,130
Çözümler
69
Tepki puanı
2,722
Puanları
113
It has come to our attention today that a vulnerability has been discovered in popular Java logging library Log4j 2 which may allow attackers to arbitrarily execute code (remote code execution).

Apache Log4j 2 is bundled with and used in many Java applications including Elasticsearch.

XenForo itself is not directly exploitable, and we are currently investigating whether XenForo Enhanced Search can be used as a vector at all, but this is potentially significant enough that an abundance of...

Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!


Dear Guests, welcome! Please, Giriş Yap or Kayıt Ol to view hide content!
 
Quick Jump
2,620Konular
12,449Mesajlar
1,428Kullanıcılar
Geri
Üst