1.2 漏洞评级及影响版本
Apache Log4j 远程代码执行漏洞 严重
影响的版本范围:Apache Log4j 2.x <= 2.14.1
2.log4j2 漏洞简单演示
创建maven工程
引入jar包依赖
<dependencies>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-api</artifactId>
<version>2.14.0</version>
</dependency>
<dependency>
<groupId>org.apache.logging.log4j</groupId>
<artifactId>log4j-core</artifactId>
<version>2.14.0</version>
</dependency>
</dependencies>
编写log4j2配置文件
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
<!--全局参数-->
<Properties>
<Property name="pattern">%d{yyyy-MM-dd HH:mm:ss,SSS} %5p %c{1}:%L -