XenForoPSA: Potential security vulnerability in Elasticsearch and more via Apache Log4j (Log4Shell)

Sort by date Sort by reactions
XenTR

XenTR

Administrative
Moderating
Licenced
SMS Confirmed
Registered
Joined
Feb 3, 2019
Messages
2,766
Solutions
106
Reaction score
3,088
Points
248
1/3
Thread owner
It has come to our attention today that a vulnerability has been discovered in popular Java logging library Log4j 2 which may allow attackers to arbitrarily execute code (remote code execution).

Apache Log4j 2 is bundled with and used in many Java applications including Elasticsearch.

XenForo itself is not directly exploitable, and we are currently investigating whether XenForo Enhanced Search can be used as a vector at all, but this is potentially significant enough that an abundance of...

Dear Guests, welcome! Please, Log in or Register to view hide content!


Dear Guests, welcome! Please, Log in or Register to view hide content!
 
You must log in or register to reply here.
Quick Jump

Legal Notice

As a content provider sharing platform, users of our site at xentr.net are responsible for their own posts, according to Article 8 of Law No. 5651 and Article 125 of the Turkish Penal Code (T.C.K.). All legal complaints regarding XenTR.Net will be reviewed within 3 (three) days after contacting us via the provided contact link, in accordance with the relevant laws and regulations. Necessary actions will be taken, and the site administrators will provide the necessary information.

Currently on our website
163 User Active  (1 member, 162 visitor)
Members online
Threads 4,579
Messages 16,482
Members 1,650
Latest member flyingron
Back
Top Bottom