Back to Listing
What is Log4Shell?
Log4shell is the nickname provided to the Remote Code Execution (RCE) vulnerability that was disclosed in the Log4J utility managed by the Apache Foundation. Specifically, log4shell refers to CVE-2021-44228 and associated vulnerabilities. If an application is using a vulnerable version of log4j, an attacker can trigger the application to reach out to an attacker-controlled host which then deploys malicious code on the application’s server and gives the attacker control over the application and the server it sits on.