Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise
We've had quite a flurry of look-alike vulnerabilities recently - log4shell, Spring4Shell, Apache Commons Configuration CVE-2022-33980 - all of which center around how various frameworks parse inpu...
Updated Dec 12, 2022
Version 2.0
AaronJB
20+ years in IT as a software developer, network engineer, *nix admin, security engineer and scruffy-looking nerf herder. Current holder of SANS GCIH, GWAPT and GPEN certifications as well as F5-CS and CTS-ASM certifications.
Ret. Employee
Holmes69
Nimbostratus
Dec 13, 2022
The exploitation of this vulnerability allows the attacker to install a webshell on the affected server leading to further command execution.