Cyber security: Log4j vulnerability issue explained

| | Updated on: Dec 29, 2021
image caption

The Log4j vulnerability allows malicious attackers to execute code remotely on any targeted computer

What is Log4j : Log4j an open source software, a logging library for Java, is widely used by businesses and web portals. Earlier this month, this open source software was in the news for its vulnerabilities.

According to the Indian Computer Emergency Response Team (CERT), multiple vulnerabilities have been reported in Apache Log4j, which could be exploited by a remote attacker to execute arbitrary code or perform denial of service attack on the targeted servers. Log4j is a Java-based logging library included in Apache open source project.


The issue : Being used by many businesses and websites around the globe as a Java language, this software is publicly accessible and used to collect and store records of activity on a server. In this case, the vulnerability discovered allows malicious attackers to execute code remotely on any targeted computer. In simple terms, hackers can easily steal data or take control over the system. This vulnerability has the potential to expose organisations to new waves of cybersecurity risks, where the attackers can exploit using Remote Code Execution (RCE).

According to a report in The Hindu (

), the vulnerability presents a large attack surface particularly due to the ubiquitous use of the Log4j library in Java software. Many proprietary applications developed and used by large companies rely on the Log4j library for logging purposes and are similarly vulnerable, the report added.


How the vulnerability can affect computers: This vulnerability is a challenge that will be faced by many companies and organisations that run software applications and websites, because Java is so widespread.

Companies coming up with solutions: Crowdstrike, an American cybersecurity technology company, has launched a free targeted Log4j search tool that performs a targeted search by scanning a given set of directories, and then runs a deeper scan on those file types matching against a known set of checksums for Log4j libraries, it said in a blog.

Global cybersecurity company Kaspersky details in its blog the measures to be taken to safeguard against this vulnerability. One should follow the Apache guidelines in their website and install the most recent version of the library (i.e.2.15.0). Businesses should use a security solution that provides exploit prevention, vulnerability and patch management components. In addition, the company also recommended installing security solutions on the servers, this will allow one to detect the launch of malicious code and stop the attack’s development.

Published on December 29, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

  1. Comments will be moderated by The Hindu editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.

You May Also Like

Recommended for you