# "*": "https://raw.githubusercontent.com/wefindx/schema/master/intent/oo-item.yaml" # "base:title": "0oo - what is log4j" "og:title": "what is log4j" "og:description": "A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week. The list of potential victims encompasses nearly a third of all web servers in the world, according to cybersecurity firm Cybereason. Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft count themselves among the slew of tech and industry giants running the popular software code that U.S. officials estimate have left hundreds of millions of devices exposed. By Friday, more than 3,700,000 hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm …" "og:image": "https://avatars0.githubusercontent.com/u/28134655" "og:url": "/intent/107001/" "base:css": "/static/css/bootstrap.min.9c25540d6272.css" "base:extra-css": "/static/css/base.57997aeac1df.css" "base:favicon": "/static/favicon.acaa334f0136.ico" "base:body_class": "" "layout:logo": "/static/0oo.8d2a8bbef612.svg" "layout:index": "/" "layout:menu": "/menu/" "layout:categories": "/intents/" "layout:ideas": "/methods/" "layout:projects": "/projects/" "layout:users": "/users/" "layout:about": "/about/" "layout:help": "/help/" "layout:bug_report": "https://github.com/wefindx/0oo" "layout:login": "/accounts/login/" "layout:light-off": "/darken/?darken=true" "layout:set-multilingual": "/mulang/?mulang=true" "layout:lang": "言語" "layout:set-language-post-action": "/i18n/setlang/" "layout:csrf-token": "0q7Fm2lTuVPvxMoaRXyMGpti5uCpq7t8HTH3rT4Qfi1zJGiuM1TVDiPLpltOl38s" "layout:input-next": "/intent/107001/" "layout:languages": [{"code": "ja", "is-active": "true", "name": "日本語"}, {"code": "lt", "is-active": "false", "name": "Lietuviškai"}, {"code": "zh-hans", "is-active": "false", "name": "简体中文"}, {"code": "en", "is-active": "false", "name": "English"}, {"code": "ru", "is-active": "false", "name": "Русский"}, {"code": "oo", "is-active": "false", "name": "O;o,"}] # "item:parent:intents": [{"title": "コンピュータセキュリティ", "url": "/intent/108001/"}, {"title": "ゼロデイ攻撃", "url": "/intent/109001/"}] "item:title": "what is log4j" "item:votes": 0 "item:add-vote": "#addnote" "item:intent": "/intent/107001/?l=ja" "item:base-administration": false "item:body": | .:en A vulnerability living inside a Java-based software known as "Log4j" shook the internet this week. The list of potential victims encompasses nearly a third of all web servers in the world, according to cybersecurity firm Cybereason. Twitter, Amazon, Microsoft, Apple, IBM, Oracle, Cisco, Google, and one of the world's most popular video games, Minecraft count themselves among the slew of tech and industry giants running the popular software code that U.S. officials estimate have left hundreds of millions of devices exposed. By Friday, more than 3,700,000 hacking attempts had been made to exploit the vulnerability, according to leading cybersecurity firm Checkpoint, with more than 46% conducted by known malicious groups. "item:permalink": "/intent/107001/?l=ja" "item:source-date": "" "item:owner": "Bassxn2" "item:ownerlink": "/user/33001/Bassxn2" "item:created": "2021-12-23T19:11:28.018275" "item:intent:child:add": "/admin/hlog/intent/add/?parent=107001" # "item:method:items": "item:method:add": "/admin/hlog/method/add/?parent=107001" "item:comment:add": "/intents/addnote?parent=107001" "item:comment:add:csrf_token": "0q7Fm2lTuVPvxMoaRXyMGpti5uCpq7t8HTH3rT4Qfi1zJGiuM1TVDiPLpltOl38s" "item:comment:form": |
  • コメントが新しい問題を挙げるとマークする。
  • コメントが潜在的な解決を提供するとマークする。
  • コメントが推論に役に立つの事実があるとマークする。
  • ログインしてください。 # "item:comment:items": - "id": "r-220001" "mtrans": | インフィニティへようこそ、[Bassxn2]! :) log4jは[コンピューターのセキュリティ](https://0oo.li/intent/108001/computer-security)の問題であり、[0-day](https://0oo.li/intent/109001/0- Log4jはあらゆる種類のソフトウェアで使用される非常に人気のあるライブラリであるため、この問題は非常に広範囲に及んでいます。 簡単に修正できるのは良いことです。 -Java8のLog4jから `> = 2.17.0` -Java7のLog4jから `> = 2.12.3` -Java6のLog4jから `> = 2.3.1`へ -または、 `zip -q -dlog4j-core-*。jarorg / apache / logging / log4j / core / lookup / JndiLookup.class` 侵入の痕跡を探す: -Log4jのログを確認し、JNDIレコードを検索します -例:[https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b](https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b) -分析スクリプト(Python):[https://github.com/Neo23x0/log4shell-detector](https://github.com/Neo23x0/log4shell-detector) (この分析スクリプトは、ここにリンクするのに適したプロジェクトである可能性があります。) この問題は非常に状況に応じて時間に敏感であり、長期的なグローバルな課題ではないことに注意してください。 [有効期限が切れています] "text": | Welcome to Infinity, [Bassxn2]! :) The log4j is a [computer security](https://0oo.li/intent/108001/computer-security) issue, and [0-day](https://0oo.li/intent/109001/0-day)-ish issue, and it's super-widespread, because Log4j is very popular library used in all kind of software. It's good it's easy to fix: - Java 8's Log4j to `>=2.17.0` - Java 7's Log4j to `>=2.12.3` - Java 6's Log4j to `>=2.3.1` - OR remove `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class` Lookup for traces of intrusion: - Review logs of Log4j, search for JNDI records - Examples: [https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b](https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b) - Analysis script (Python): [https://github.com/Neo23x0/log4shell-detector](https://github.com/Neo23x0/log4shell-detector) (This analysis script may be a good project to link here.) Take a note, that this issue is very circumstantial time-sensitive, it is not a long-term global challenge. [marked-for-expiry] "owner": "Mindey" "ownerlink": "/user/147/Mindey" "permalink": "/intent/107001/?l=ja#r-220001" "created": "2021-12-23T23:34:33.093107" "vote": "" - "id": "r-221001" "mtrans": | ありがとう!そして、詳細と説明に感謝します。了解しました。 "text": | Thank you! And thanks for elaboration and explanation, appreciated. Noted. "owner": "Bassxn2" "ownerlink": "/user/33001/Bassxn2" "permalink": "/intent/107001/?l=ja#r-221001" "created": "2021-12-24T10:30:16.782767" "vote": "" "base:js": "/static/js/base.c7357c06cc89.js"