{"id":44504,"date":"2021-12-15T15:19:39","date_gmt":"2021-12-15T15:19:39","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32913\/Apache-Takes-Off-Nukes-Insecure-Feature-At-The-Heart-Of-Log4j-From-Orbit-With-2.16.html"},"modified":"2021-12-15T15:19:39","modified_gmt":"2021-12-15T15:19:39","slug":"apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/","title":{"rendered":"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16"},"content":{"rendered":"<p>Last week, version 2.15 of the widely used open-source logging library Log4j was released to tackle a critical security hole, dubbed Log4Shell, which could be trivially abused by miscreants to hijack servers and apps over the internet.<\/p>\n<p>That <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/2021\/12\/13\/log4j_rce_latest\/\" rel=\"noopener\">release<\/a> closed the hole (<a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\">CVE-2021-44228<\/a>) by disabling by default the Java library&#8217;s primarily exploitable functionality: JNDI message lookups. Now version 2.16 is out, and it disables all JNDI support by default, and removes message lookup handling entirely for good measure, hopefully finally preventing further exploitation.<\/p>\n<p>This is needed because version 2.15 is still exploitable in certain non-default configurations, and this moderate-severity oversight has earned its own bug ID: <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2021-44228\">CVE-2021-45046<\/a>.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"condor\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>Crucially, this move is defense in depth: Apache conceded JNDI &#8220;has significant security issues,&#8221; so it&#8217;s just deactivated it by default with a fresh release. Version 2.15 was most probably enough to protect you from attack, version 2.16 makes it certain.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xmd=\",fluid,mpu,leaderboard,\" data-lg=\",fluid,mpu,leaderboard,\" data-xlg=\",fluid,billboard,superleaderboard,mpu,leaderboard,\" data-xxlg=\",fluid,billboard,superleaderboard,brandwidth,brandimpact,leaderboard,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<div class=\"adun_eagle_desktop_story_wrapper\">\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"mid\" data-raptor=\"eagle\" data-xxlg=\",mpu,dmpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=3&amp;c=33Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<\/p><\/div>\n<p>It all comes as network observers <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/eastdakota\/status\/1470705081003614218\">say<\/a> they&#8217;re seeing tens of thousands of attempts per minute to exploit internet systems via the logging library, with miscreants using the remote-code-execution hole to steal cloud infrastructure credentials, and deploy cryptocoin miners and ransomware, at least.<\/p>\n<div class=\"boxout\">\n<h3 class=\"crosshead\"><span>Quick links<\/span><\/h3>\n<ul>\n<li>The logging library is commonly used by Java code and is buried in tons of software, including some security defense products. Some useful commands for finding evidence of Log4j deployments on Linux boxes are <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/twitter.com\/cyb3rops\/status\/1470689721990922242\">listed here<\/a><\/li>\n<li>Check Point Research <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/blog.checkpoint.com\/2021\/12\/13\/the-numbers-behind-a-cyber-pandemic-detailed-dive\/\">says<\/a> it&#8217;s seen at least 60 variants of exploit code used against vulnerable machines<\/li>\n<li>How the flaw was found and reported, and <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.bloomberg.com\/news\/articles\/2021-12-13\/how-apache-raced-to-fix-a-potentially-disastrous-software-flaw\">the scramble<\/a> to patch it in time as word spread of the hole<\/li>\n<li>The US government&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.cisa.gov\/uscert\/ncas\/current-activity\/2021\/12\/13\/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228\">hub of information<\/a> about the vulnerability and what to do next<\/li>\n<li>The Netherlands&#8217; National Cyber Security Center&#8217;s <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/github.com\/NCSC-NL\/log4shell\">incredible collection<\/a> of software and other products affected by Log4Shell that will need patching or protecting as well as indicators of compromise and other info<\/li>\n<li><i>El Reg<\/i>&#8216;s <a target=\"_blank\" href=\"https:\/\/www.theregister.com\/Tag\/log4j\" rel=\"noopener\">coverage<\/a> of Log4Shell<\/li>\n<\/ul>\n<\/div>\n<p>In its latest <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/issues.apache.org\/jira\/browse\/LOG4J2-3208\">release notes<\/a> for Log4j 2.x, the Apache Foundation said: &#8220;Dealing with CVE-2021-44228 has shown the JNDI has significant security issues. While we have mitigated what we are aware of it would be safer for users to completely disable it by default, especially since the large majority are unlikely to be using it.&#8221;<\/p>\n<p>Thus version 2.16.0 has shipped with JNDI, the Java Naming and Directory Interface, switched off. JNDI is the API that was explosively discovered to be exploitable in Log4j last week. It&#8217;s supported by Log4j so that objects can be fetched from remote servers to use in log entries.<\/p>\n<p>With JNDI enabled, Log4j could be tricked into fetching Java code from an attacker-controlled server and blindly executing it, compromising the device. To achieve this, the attacker would need to feed some specially crafted text in, say, an app account username or site search query, that when logged by Log4j would trigger the remote code execution.<\/p>\n<div aria-hidden=\"true\" class=\"adun\" data-pos=\"top\" data-raptor=\"falcon\" data-xsm=\",fluid,mpu,\" data-sm=\",fluid,mpu,\" data-md=\",fluid,mpu,\"> <noscript> <a href=\"https:\/\/pubads.g.doubleclick.net\/gampad\/jump?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" target=\"_blank\" rel=\"noopener\"> <img decoding=\"async\" src=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=4&amp;c=44Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D426raptor%3Dfalcon%26pos%3Dmid%26test%3D0\" alt> <\/a> <\/noscript> <\/div>\n<p>According to the Apache team:<\/p>\n<p>That basically means if you want to use JNDI lookups, you need to take the safeties off your software stack.<\/p>\n<p>NCC Group&#8217;s Jeff Dileo mused in a <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/research.nccgroup.com\/2021\/12\/12\/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228\/\">blog post<\/a>: &#8220;In reality, the JNDI stuff is regrettably more of an &#8216;enterprise&#8217; feature than one that developers would just randomly put in if left to their own devices. Enterprise Java is all about antipatterns that invoke code in roundabout ways to the point of obfuscation, and supporting ever more dynamic ways to integrate weird protocols like RMI to load and invoke remote code dynamically in weird ways.&#8221;<\/p>\n<p>Essentially, if you&#8217;re using (or deploying) Log4j 2.x versions 2.14 or below, upgrade to 2.16, and if you&#8217;re already on 2.15, consider 2.16 for peace of mind: the JNDI code is not known to be terribly secure.<\/p>\n<h3 class=\"crosshead\"> <span>Exploitation probably from crims rather than nation states<\/span><br \/>\n<\/h3>\n<p>Britain&#8217;s National Cyber Security Centre earlier today said it wasn&#8217;t seeing much obviously malicious web traffic linked to Log4j other than scanning to identify vulnerable systems, though as the day has worn on, infosec folk say attacks are ramping up. Bitdefender <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/businessinsights.bitdefender.com\/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild\">claimed<\/a> to have seen a ransomware raid on Windows machines involving a Log4j exploit, dubbing the ransomware Khonsari.<\/p>\n<p>Kaspersky Lab published some <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/securelist.com\/cve-2021-44228-vulnerability-in-apache-log4j-library\/105210\/\">findings<\/a> from its telemetry suggesting most exploit attempts were being launched from Russian IP addresses, which in itself doesn&#8217;t mean anything yet \u2013 though it chimes with previously reported information from Bitdefender.<\/p>\n<p>For now, developers need to roll out their application and server software with patched versions of Log4j, and organisations need to not only install them but also check to see if they&#8217;ve already been pwned. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32913\/Apache-Takes-Off-Nukes-Insecure-Feature-At-The-Heart-Of-Log4j-From-Orbit-With-2.16.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9789],"class_list":["post-44504","post","type-post","status-publish","format-standard","hentry","category-packet-storm","tag-headlineflawpatchapache"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-15T15:19:39+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16\",\"datePublished\":\"2021-12-15T15:19:39+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/\"},\"wordCount\":789,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"keywords\":[\"headline,flaw,patch,apache\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/\",\"name\":\"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"datePublished\":\"2021-12-15T15:19:39+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#primaryimage\",\"url\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\",\"contentUrl\":\"https:\\\/\\\/pubads.g.doubleclick.net\\\/gampad\\\/ad?co=1&amp;iu=\\\/6978\\\/reg_security\\\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,flaw,patch,apache\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineflawpatchapache\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/","og_locale":"en_US","og_type":"article","og_title":"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-12-15T15:19:39+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16","datePublished":"2021-12-15T15:19:39+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/"},"wordCount":789,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","keywords":["headline,flaw,patch,apache"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/","url":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/","name":"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2021-12-15T15:19:39+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2Yb@@bNnIPoY-R7JQ8FpQdAAAABE&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/apache-takes-off-nukes-insecure-feature-at-the-heart-of-log4j-from-orbit-with-2-16\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,flaw,patch,apache","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineflawpatchapache\/"},{"@type":"ListItem","position":3,"name":"Apache Takes Off, Nukes Insecure Feature At The Heart Of Log4j From Orbit With 2.16"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44504","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44504"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44504\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44504"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44504"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44504"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}