The new Log4j vulnerability is similar to Log4Shell in that it also affects the logging library, but this DoS flaw has to do with Context Map lookups, not JNDI.

On December 9, when the Apache Software Foundation disclosed a massive vulnerability in Log4j, its Java logging library, it triggered a cat-and-mouse game as IT professionals raced to secure their ...

A WARNING has been issued for those who use the Log4J logging library that a spreading botnet could open up “a whole new pool of potential victims.” The warning was issued by Cybersecur… ...

The pervasiveness of the Log4j logging software — and the fact that it’s often leveraged indirectly via Java frameworks — has made the issue difficult to fully address for many organizations.

Third Log4J security flaw has been discovered. Thus, Apache issued another patch to fix the newly found “critical” Log4j vulnerability.

Apache Log4j Mitigation Summary Attackers are exploiting a vulnerability in the Log4j logging platform on systems running Apache software that is written in Java and utilizes the log4j library.

A new Apache Log4j vulnerability and a major attack on a military body using Log4Shell have come to light as security teams work to patch.

Log4j scanner by CISA or the Cybersecurity and Infrastructure Security Agency has been released to look for security vulnerabilities and flaws from apps.

It happens that Log4j, a popular open source logging package for Java, is a good example of a modular design based on orthogonality.