13 December 2021 - IT Security

Java library Log4j: BSI has issued a top-level security warning

A critical vulnerability (Log4Shell) in the widely used Java library Log4j has become a major threat, according to the German Federal Office for Information Security (BSI).

Highest Security Warning Issued

This security vulnerability has been endangering millions of online applications worldwide since this past weekend. The BSI has therefore issued a red alert cyber security warning, i.e. its highest level.

The BSI recommends implementing the defense measures outlined in the cyber security warning. In addition, the BSI has made recommendations for users and administrators.

As of 12 December 2021, the Nationaal Cyber Security Centrum of the Netherlands (NCSC-NL) is maintaining a GitHub repository that compiles attack detection information as well as other verified information from software companies regarding the vulnerability of their software into a single overview.
Note: The list of affected software is not exhaustive.

In addition to the BSI, DFN-CERT has also produced a useful article on Log4j.