What's new
By:
Filters
ExtraLicense - Buy, Sell, & Trade Your Licenses

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

XenForo PSA: Potential security vulnerability in Elasticsearch 5+ via Apache Log4j (Log4Shell)

EL PaperBoy

EL PaperBoy

Well-known member
It has come to our attention today that a vulnerability has been discovered in popular Java logging library Log4j 2 which may allow attackers to arbitrarily execute code (remote code execution).

Apache Log4j 2 is bundled with and used in many Java applications including Elasticsearch.

XenForo itself is not directly exploitable, and we are currently investigating whether XenForo Enhanced Search can be used as a vector at all, but this is potentially significant enough that an abundance of...

Read more

Continue reading...
 
You must log in or register to reply here.

Similar threads

EL PaperBoy
Official RSS - PSA: Potential security vulnerability in Elasticsearch and more via Apache Log4j (Log4Shell)
Replies
0
Views
292
EL PaperBoy
EL PaperBoy
EL PaperBoy
XenForo Potential Tags Helper
Replies
0
Views
142
EL PaperBoy
EL PaperBoy
EL PaperBoy
Potential vBSEO vulnerability
Replies
0
Views
833
EL PaperBoy
EL PaperBoy
EL PaperBoy
Potential Security Issue Found in vBulletin Connect 5.1.2.
Replies
0
Views
1K
EL PaperBoy
EL PaperBoy
EL PaperBoy
Security Patch Released for vBulletin 6.X and 5.7.5
Replies
0
Views
134
EL PaperBoy
EL PaperBoy
Top