F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

We've had quite a flurry of look-alike vulnerabilities recently - log4shell, Spring4Shell, Apache Commons Configuration CVE-2022-33980 - all of which center around how various frameworks parse inpu...

Updated Dec 12, 2022

Version 2.0

security

twis

AaronJB

Ret. Employee

20+ years in IT as a software developer, network engineer, *nix admin, security engineer and scruffy-looking nerf herder. Current holder of SANS GCIH, GWAPT and GPEN certifications as well as F5-CS and CTS-ASM certifications.

View Profile

AaronJB

Ret. Employee

Dec 13, 2022

Absoultely - log4shell, at least, gives you complete remote code execution on the target vulnerable server (say a logging server sitting behind the BIG-IP), so you are free to drop webshells, malware, reverse shells, pivot to other hosts etc - being exposed is very bad indeed!

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Beware, your logs - how blocked log4shell, Spring4Shell etc requests can still lead to compromise

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS