-
TOCTOU Vulnerability in Log4J 2.15
Log4J has been in the spotlight for the past two weeks because of a new attack vector that relies on the Java Naming and Directory Interface (JNDI). In this blog, we will detail the new mitigation introduced in 2.15 and the bypass we found using a Time of Check, Time of Use (TOCTOU) vulnerability. This vector was also discovered independently…
-
The Worst Log Injection. Ever. (Log4j [2.0.0-alpha,2.14.1])
There has been so much hype about the Log4j issue, and since IMQ Minded Security's mission has always been about fixing, this informal post is about what's going on, how to check whether a system is likely affected, and how to fix the issue. UPDATE 12-17-2021: Since several bypasses to the mitigations implemented on version 2.15/16…