all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Just Because You Don’t Use Log4j or Spring Beans Doesn’t Mean Your Application is Unaffected

Add to bookmarks
April 20, 2022, 3:28 p.m. | hgoslin@veracode.com (hgoslin)

Application Security Research, News, and Education Blog www.veracode.com

By now, you’re probably all aware of the recent Log4j and Spring Framework vulnerabilities.  
As a recap, the Log4j vulnerability – made public on December 10, 2021 – was the result of an exploitable logging feature that, if successfully exploited, could allow attackers to perform an RCE (Remote Code Execution) and compromise the affected server.  
The Spring Framework vulnerability – made public on March 29, 2021 – was caused by unforeseen access to Tomcat’s ClassLoader as a result of the …

application don log4j spring

Visit resource

More from www.veracode.com / Application Security Research, News, and Education Blog

Enhancing Developer Efficiency With AI-Powered Remediation 1 day, 17 hours ago | www.veracode.com
ai-powered code code security copilot +21
Speed vs Security: Striking the Right Balance in Software Development with AI 1 week ago | www.veracode.com
ai software artificial artificial intelligence balance +15
Veracode Advances Cloud-Native Application Security with Longbow Acquisition 3 weeks, 2 days ago | www.veracode.com
acquisition application application security cloud +22
Veracode Customers Shielded from NVD Disruptions 3 weeks, 6 days ago | www.veracode.com
analysis customers cves database +13
Resolving Simple Cross-Site Scripting Flaws with Veracode Fix 4 weeks, 1 day ago | www.veracode.com
application blog code cross-site +16
Security Debt: A Growing Threat to Application Security 1 month ago | www.veracode.com
application application security debt development +17
A Timely Shift: Prioritizing Software Security in the 2024 Digital Landscape 1 month, 1 week ago | www.veracode.com
address attack attack surface back +16
Integrating Veracode DAST Essentials into Your Development Toolchain 1 month, 2 weeks ago | www.veracode.com
application applications application security application security testing +21
The Risks of Automated Code Generation and the Necessity of AI-Powered Remediation 1 month, 2 weeks ago | www.veracode.com
ai-powered automated can code +22

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Level 1 SOC Analyst

@ Telefonica Tech | Dublin, Ireland
View on infosec-jobs.com

Specialist, Database Security

@ OP Financial Group | Helsinki, FI
View on infosec-jobs.com

Senior Manager, Cyber Offensive Security

@ Edwards Lifesciences | Poland-Remote
View on infosec-jobs.com

Information System Security Officer

@ Booz Allen Hamilton | USA, AL, Huntsville (4200 Rideout Rd SW)
View on infosec-jobs.com

Senior Security Analyst - Protective Security (Open to remote across ANZ)

@ Canva | Sydney, Australia
View on infosec-jobs.com
View more jobs