Nicknamed Log4Shell, this security flaw allows an attacker to execute code on a company's server. Many researchers have expressed concern.
Le Monde
Computer security experts warned on Friday, November 10, of a significant software vulnerability endangering a large number of servers (computers that host web services and sites).
Called “Log4Shell”, this security flaw affects several versions of Apache, one of the main pieces of software used to run servers. More specifically, the vulnerability comes from Log4j, a library used in the Java language to record information about the server, such as error reports or connection data. Several experts discovered that it was possible to send the server a link to a web page and have the library read the contents of that page. If the page contains Java code, that code can be run on the server.
Vulnerabilities that make it possible to run code remotely on a machine (“Remote Code Execution”), such as Log4Shell, are particularly dangerous because they can, for example, allow an attacker to gain access to a server.
An update published
According to the specialist site Bleeping Computer, this vulnerability was initially discovered and reported to Apache as early as November 24 by Chen Zhaojun, an expert from the Chinese company Alibaba. A fix has been published by the company, but it is up to server owners to apply this update to prevent an attacker from exploiting the flaw. The alert was also raised by the CERTs (“Computer Emergency Response Team”, monitoring centers responsible for tracking software threats and flaws in real time) of several countries, including France.
The exact list of potentially vulnerable services has not yet been established, but servers used by iCloud, Apple’s online hosting service, as well as the Steam video game store and the very popular game Minecraft, could be affected. Mojang, the publisher of Minecraft, has already published an alert on its site, urging all server owners to update.