Skip to content

Log4Shell

Understanding the Log4Shell Vulnerability and Its Impact

Watch our on-demand webinar to learn how to safeguard your organization from Log4Shell
Table of Contents

What is Log4Shell?

Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was disclosed in the Log4J utility managed by the Apache Foundation. Specifically, log4shell refers to CVE-2021-44228 and associated vulnerabilities. If an application is using a vulnerable version of log4j, an attacker can trigger the application to reach out to an attacker-controlled host which then deploys malicious code on the application’s server and gives the attacker control over the application and the server it sits on. 

 

Learn More About Contrast Security

Contrast is the clear customers’ choice

Contrast is named a Customers’ Choice in the 2021 Gartner Peer Insights “Voice of the Customer”: Application Security Testing report. With the highest percentage of 5-star ratings, this is the third consecutive year Contrast has received this powerful endorsement from customers.

Download the Report
gartner-peer-insight-2021

Built for Developers. Trusted by Security.

Infosys
ring-central-logo-1
bmw-logo-rgb
backbase-logo-2
intuit-logo
credit-suisse

Learn Secure Code

Cross Site Scripting (XSS)

CROSS SITE SCRIPTING (XSS)

Learn about Cross site scripting (XSS) and how it affects your Java source code

Start Lesson
SQL Injection - Java-1

SQL INJECTION

Learn about SWL injection and how it affects your Java source code

Start Lesson
Client Side Injection

CLIENT SIDE INJECTION

Learn about client-side injection and how it can affect your source code

Start Lesson