Cybersecurity researchers have discovered an entirely new attack vector that enables adversaries to exploit the Log4Shell vulnerability on servers locally by using a JavaScript WebSocket connection.
"This newly-discovered attack vector means that anyone with a vulnerable Log4j version on their machine or local private network can browse a website and potentially trigger the vulnerability,"
https://thehackernews.com/2021/12/new-local-attack-vector-expands-attack.html?utm_source=dlvr.it&utm_medium=blogger
No comments:
Post a Comment