JNDI (Java Naming and Directory Interface) is an API that allows Java applications to look up resources by name.
Questions tagged [jndi]
2 questions
70
votes
1 answer
How does the log4shell vulnerability work?
Log4shell is making the news. A vulnerability in the widely used logging tool Log4J is putting many servers and even some desktop applications at risk of remote code execution.
How does this vulnerability work? What sort of mistake makes it…
Anders
- 64,406
- 24
- 178
- 215
1
vote
2 answers
Absence of JndiLookup class on vulnerable version number... Log4Shell safe?
If a version of log4j2 is present on a server (say, 2.5 or 2.7) but the JndiLookup class does not exist in any jars, does this mean this specific implementation of log4j2 is not vulnerable to Log4Shell?
Marcel
- 121
- 4