What pattern identifies Log4j exploitation?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

What pattern identifies Log4j exploitation?

Explanation:
Log4j exploitation hinges on a JNDI lookup embedded in log data. The pattern ${jndi:ldap://...} is the exact signature used to trigger a remote code fetch and execution when Log4j 2 processes a log message containing it. If a vulnerable version logs a string with that pattern, it may contact the LDAP server and load attacker-supplied code, giving the attacker control over the application. The other options are unrelated to this mechanism: a plain GET request, a script tag, or a normal HTTP status line are everyday HTTP artifacts and do not invoke a JNDI-based remote code load.
