And there’s little you’re able to do about it.

The Haunting

The vulnerability, dubbed Log4Shell, was first detailed in December 2021.

Unsurprisingly, the cybersecurity community responded with full force, with Apache putting out a patch almost immediately.

“We were wrong,” write the surprised researchers.

The actual vulnerable attack surface is a lot larger.

Are You at Risk?

Despite the rather significant exposed attack surface, Hay believed there’s some good news for the average home user.

A compromised server can potentially reveal all the information the service provider holds about their user.

“The visibility simply does not exist.”

Hay suggested looking for files with .jar, .ear, or .war extensions.

However, the scripts aren’t graphical, and using them requires getting down to the command line.
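One way to carry out the file search Hay describes, as an added example that is not from the original article or from any of the scripts it mentions: walk a folder, open each .jar, .ear, or .war file, and report the ones that bundle a copy of Log4j. It assumes the presence of log4j-core's `JndiLookup` class is the marker to look for; the function names and the sample files are constructed for this example.

```python
import io
import os
import tempfile
import zipfile
import zlib

ARCHIVE_EXTS = (".jar", ".ear", ".war")
# Assumption: this class (JNDI lookups in log4j-core 2.x) marks a bundled Log4j copy.
MARKER = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def scan_archive(src, label, depth=0):
    """Labels of archives holding MARKER; recurses into nested jars (.war/.ear, fat jars)."""
    hits = []
    try:
        with zipfile.ZipFile(src) as zf:
            for name in zf.namelist():
                if name.endswith(MARKER):
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXTS) and depth < 5:
                    inner = io.BytesIO(zf.read(name))
                    hits += scan_archive(inner, f"{label}!/{name}", depth + 1)
    except (zipfile.BadZipFile, zlib.error, RuntimeError, OSError):
        pass  # unreadable, corrupt or encrypted archive: skip it
    return hits

def scan_tree(root):
    """Scan every .jar/.ear/.war file under root; return sorted hit labels."""
    paths = [os.path.join(d, f) for d, _, fs in os.walk(root)
             for f in fs if f.lower().endswith(ARCHIVE_EXTS)]
    return sorted(h for p in paths for h in scan_archive(p, p))

def _zip(entries):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

def demo():
    """Scan a constructed sample tree; return hits relative to its root."""
    core = _zip({MARKER: b"constructed placeholder, not a real class"})
    samples = {"app.war": _zip({"WEB-INF/lib/core.jar": core}),
               "core.jar": core, "clean.jar": _zip({"readme.txt": b"x"})}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        return [h[len(root) + 1:] for h in scan_tree(root)]

if __name__ == "__main__":
    print(demo())
```

To check a real folder, call `scan_tree()` with its path. A hit means a copy of log4j-core is bundled there, not that it is unpatched, so the version still has to be checked against the vendor's fixed release.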

“This would help them with any fraud alerts and prevention against any fallouts from wild exploitations.”