News - PSA: Potential security vulnerability in Elasticsearch 5+ via Apache Log4j (Log4Shell)

It has come to our attention today that a vulnerability has been discovered in popular Java logging library Log4j 2 which may allow attackers to arbitrarily execute code (remote code execution).

Apache Log4j 2 is bundled with and used in many Java applications including Elasticsearch.

XenForo itself is not directly exploitable, and we are currently investigating whether XenForo Enhanced Search can be used as a vector at all, but this is potentially significant enough that an abundance of...

Read more

By: XenForo
 

Themen-Statistiken

Erstellt
XenForo,
Letzte Antwort von
lhoppe,
Antworten
24
Aufrufe
11

Advertising

Zurück
Oben