Appsec Phoenix

Blog

  • 1st April 2022
    The Spring4Shell confusion

    Two RCE vulnerabilities were being discussed on the internet. Most of the people talking about them believe they're talking about "Spring4Shell" (CVE added: CVE-2022-22965), but in reality they're swapping notes about CVE-2022-22963.

  • 26th January 2022
    Log4J / Log4Shell (Part 2): Why so easy to exploit

    We analyse the high effectiveness of log4j and the multiple exploitation paths that show why log4j has such a devastating effect on a lot of systems.

  • 24th January 2022
    The Ultimate Guide to Log4Shell: Where Did It Come From and How Do I Stop It?

    In this retrospective article we go through the common workarounds and how to fix log4j with the resources available.

  • 3rd January 2022
    Log4Shell – 2.17.x Vulnerable Again? Demystifying CVE-2021-44228

    In the last few weeks, information security professionals have been fighting and updating systems like crazy.

    We have summarized an update on where we are right now and what you can do about resolution.

  • 21st December 2021
    Log4Shell – Updates and latest remediation/workflows

    In the last few weeks, information security professionals have been fighting and updating systems like crazy.

    We have summarized an update on where we are right now and what you can do about resolution.

  • 10th December 2021
    New 0 Day – RCE in Java Log4Shell package

    A new Remote Code Execution (RCE) vulnerability has been disclosed in the wild, affecting the log4j library for Java. Affected versions: 2.0 <= Apache log4j <= 2.14.1. Cloud services like Steam and Apple iCloud, and apps like Minecraft, have already been found to be vulnerable.
