A Log4Shell Retrospective – Overblown and Exaggerated

Two years ago, CVE-2021-44228 sent the security industry into a panic. The vulnerability, better known as Log4Shell, had security professionals working overtime through the holidays hunting down vulnerable log4j libraries.

At the time, there was fear and confusion about which software was affected, which of it was actually exploitable, and where attackers would strike next. The reality, at the time, was that very few of the products that shipped the vulnerable log4j libraries were remotely exploitable for code execution.

Source: VulnCheck