{"id":1592,"date":"2022-01-06T14:01:17","date_gmt":"2022-01-06T06:01:17","guid":{"rendered":"https:\/\/blog.billows.com.tw\/?p=1592"},"modified":"2022-01-06T14:10:11","modified_gmt":"2022-01-06T06:10:11","slug":"%e7%be%8e%e5%9c%8b%e8%81%af%e9%82%a6%e8%b2%bf%e6%98%93%e5%a7%94%e5%93%a1%e6%9c%83%ef%bc%9a%e7%ab%8b%e5%8d%b3%e4%bf%ae%e8%a3%9c-log4j-%e6%bc%8f%e6%b4%9e%e5%90%a6%e5%89%87%e5%b0%87%e9%9d%a2%e8%87%a8","status":"publish","type":"post","link":"https:\/\/blog.billows.com.tw\/?p=1592","title":{"rendered":"\u7f8e\u570b\u806f\u90a6\u8cbf\u6613\u59d4\u54e1\u6703\uff1a\u7acb\u5373\u4fee\u88dc Log4j \u6f0f\u6d1e\u5426\u5247\u5c07\u9762\u81e8\u5de8\u984d\u7f70\u6b3e"},"content":{"rendered":"\n<p>\u7f8e\u570bFTC\u4eca\u5929\u5728\u4e00\u7bc7\u95dc\u65bc\u56b4\u91cd\u5b89\u5168\u6f0f\u6d1eLog4Shell\u7684<a href=\"https:\/\/www.ftc.gov\/news-events\/blogs\/techftc\/2022\/01\/ftc-warns-companies-remediate-log4j-security-vulnerability\">blog\u6587\u7ae0<\/a>\u4e2d\u8b66\u544a\u8aaa\uff0c\u672a\u80fd\u4fdd\u8b77\u6d88\u8cbb\u8005\u6578\u64da\u514d\u53d7 Apache Log4j\u6f0f\u6d1e\u653b\u64ca\u7684\u516c\u53f8\u6709\u9762\u81e8\u6cd5\u5f8b\u8a34\u8a1f\u548c\u7f70\u6b3e\u7684\u98a8\u96aa\uff0cFTC\u540c\u6642\u63d0\u5230 2017 \u5e74 Equifax \u56e0\u672a\u4fee\u88dc\u6f0f\u6d1e\u4ee5\u53ca\u5176\u96a8\u4e4b\u800c\u4f86\u7684\u6cd5\u5f8b\u5f8c\u679c\u3002<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"865\" height=\"612\" src=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/01\/image-1.png\" alt=\"\" class=\"wp-image-1593\" srcset=\"https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/01\/image-1.png 865w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/01\/image-1-300x212.png 300w, https:\/\/blog.billows.com.tw\/wp-content\/uploads\/2022\/01\/image-1-768x543.png 768w\" sizes=\"auto, (max-width: 865px) 100vw, 865px\" \/><\/figure>\n\n\n\n<p>\u7f8e\u570b\u806f\u90a6\u8cbf\u6613\u59d4\u54e1\u6703 (Federal Trade Commission -FTC)\u9031\u4e8c\u8b66\u544a\u7f8e\u570b\u516c\u53f8\uff0c\u5982\u679c\u4ed6\u5011\u7684\u5ba2\u6236\u53d7\u5230\u6d89\u53caLog4j\u6f0f\u6d1e\u5229\u7528\u7684\u653b\u64ca\u7684\u5f71\u97ff\uff0c\u4ed6\u5011\u53ef\u80fd\u6703\u9762\u81e8\u6cd5\u5f8b\u8a34\u8a1f\u3002FTC \u4ee5 Equifax \u70ba\u4f8b\uff0c\u5f37\u8abfEquifax\u662f\u4e09\u5927\u4fe1\u7528\u5831\u544a\u6a5f\u69cb\u4e4b\u4e00\uff0c\u8a72\u516c\u53f8\u672a\u80fd\u5728 2017 \u5e74\u4fee\u88dc\u5df2\u77e5\u7684 Apache Struts\u6f0f\u6d1e\u5f8c\uff0c\u5c0e\u81f4 1.47 \u5104\u6d88\u8cbb\u8005\u7684\u654f\u611f\u8cc7\u8a0a\u6d29\u9732\uff0c\u7576\u6642\u7f8e\u570b\u806f\u90a6\u8cbf\u6613\u59d4\u54e1\u6703\u548c\u5176\u4ed6\u653f\u5e9c\u6a5f\u69cb\u63d0\u51fa\u63a7\u544a\uff0c\u8a72\u516c\u53f8\u96a8\u5f8c\u540c\u610f\u652f\u4ed8 7 \u5104\u7f8e\u5143\u9054\u6210\u548c\u89e3\u3002<\/p>\n\n\n\n<p>FTC \u8868\u793a\uff0c\u63a1\u53d6\u5408\u7406\u63aa\u65bd\u7de9\u89e3\u5df2\u77e5\u8edf\u9ad4\u6f0f\u6d1e\u7684\u8cac\u4efb\u6d89\u53ca\u6cd5\u5f8b\uff0c\u5176\u4e2d\u5305\u62ec\u300a<a href=\"https:\/\/www.ftc.gov\/enforcement\/statutes\/federal-trade-commission-act\">\u806f\u90a6\u8cbf\u6613\u59d4\u54e1\u6703\u6cd5<\/a>\u300b\u548c\u300a<a href=\"https:\/\/www.ftc.gov\/tips-advice\/business-center\/privacy-and-security\/gramm-leach-bliley-act\">Gramm Leach Bliley<\/a>\u6cd5\u300b\uff0c\u81f3\u95dc\u91cd\u8981\u7684\u662f\uff0c\u4f7f\u7528\u65e5\u8a8c\u6846\u67b6Log4j\u7684\u516c\u53f8\u53ca\u5176\u4f9b\u61c9\u5546\u7acb\u5373\u63a1\u53d6\u884c\u52d5\uff0c\u4ee5\u6e1b\u5c11\u5c0d\u6d88\u8cbb\u8005\u9020\u6210\u50b7\u5bb3\u7684\u53ef\u80fd\u6027\uff0c\u4e26\u907f\u514d FTC \u63a1\u53d6\u6cd5\u5f8b\u884c\u52d5\u3002<\/p>\n\n\n\n<p>FTC \u5efa\u8b70\u4f01\u696d\u9075\u5faa CISA \u95dc\u65bc\u7de9\u89e3Log4j \u6f0f\u6d1e\u7684\u6307\u5c0e\uff1a<\/p>\n\n\n\n<p>*\u5c07Log4j \u8edf\u9ad4\u5305\u66f4\u65b0\u81f3\u6700\u65b0\u7684\u7248\u672c\uff1a<a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\">https :\/\/logging.apache.org\/log4j\/2.x\/security.html<\/a><\/p>\n\n\n\n<p>*\u53c3\u95b1<a href=\"https:\/\/www.cisa.gov\/uscert\/apache-log4j-vulnerability-guidance\"> CISA \u6307\u5357 <\/a>\u4ee5\u7de9\u89e3\u6b64\u6f0f\u6d1e<\/p>\n\n\n\n<p>*\u78ba\u4fdd\u63a1\u53d6\u4fee\u88dc\u63aa\u65bd\uff0c\u4ee5\u78ba\u4fdd\u8cb4\u516c\u53f8\u7684\u505a\u6cd5\u4e0d\u9055\u53cd\u6cd5\u5f8b\uff0c\u672a\u80fd\u8b58\u5225\u548c\u4fee\u88dc\u6b64\u8edf\u9ad4\u7684\u5be6\u9ad4\u53ef\u80fd\u9055\u53cd FTC \u6cd5\u6848<\/p>\n\n\n\n<p>*\u5c07\u6709\u95dc\u6f0f\u6d1e\u7684\u8cc7\u8a0a\u5206\u767c\u7d66\u53ef\u80fd\u5bb9\u6613\u53d7\u5230\u653b\u64ca\u7684\u7b2c\u4e09\u65b9\u548c\u6d88\u8cbb\u8005\u3002<\/p>\n\n\n\n<p>FTC \u767c\u51fa\u8b66\u544a\u4e4b\u524d\uff0c\u5fae\u8edf\u672c\u9031\u4e5f<a href=\"https:\/\/www.microsoft.com\/security\/blog\/2021\/12\/11\/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation\/\">\u8b66\u544a\u7a31<\/a>\uff0cLog4Shell\u6f0f\u6d1e\u5c0d\u4f01\u696d\u4f86\u8aaa\u4ecd\u7136\u662f\u4e00\u500b\u8907\u96dc\u4e14\u9ad8\u98a8\u96aa\u7684\u60c5\u6cc1\uff0c\u4e26\u88dc\u5145\u8aaa\u57282021\u5e74 12\u6708\u7684\u5e7e\u500b\u661f\u671f\u9593\uff0c\u5617\u8a66\u5229\u7528\u6f0f\u6d1e\u548c\u6e2c\u8a66\u4ecd\u7136\u5f88\u983b\u7e41\u3002\u7531\u65bc\u8a31\u591a\u53d7\u5f71\u97ff\u7684\u8edf\u9ad4\u548c\u670d\u52d9\uff0c\u4ee5\u53ca\u66f4\u65b0\u7684\u901f\u5ea6\u7de9\u6162\uff0c\u9810\u8a08\u4f01\u696d\u9700\u8981\u82b1\u5f88\u9577\u6642\u9593\u624d\u80fd\u88dc\u5b8c\u6f0f\u6d1e\uff0c\u4e26\u9700\u8981\u6301\u7e8c\u4fdd\u6301\u8b66\u6212\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u7f8e\u570bFTC\u4eca\u5929\u5728\u4e00\u7bc7\u95dc\u65bc\u56b4\u91cd\u5b89\u5168\u6f0f\u6d1eLog4Shell\u7684blog\u6587\u7ae0\u4e2d\u8b66\u544a\u8aaa\uff0c\u672a\u80fd\u4fdd\u8b77\u6d88\u8cbb\u8005\u6578\u64da\u514d\u53d7 Apac <a class=\"read-more\" href=\"https:\/\/blog.billows.com.tw\/?p=1592\">READ MORE<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[174],"class_list":["post-1592","post","type-post","status-publish","format-standard","hentry","category-6","tag-news"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1592","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1592"}],"version-history":[{"count":1,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1592\/revisions"}],"predecessor-version":[{"id":1594,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/1592\/revisions\/1594"}],"wp:attachment":[{"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1592"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1592"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.billows.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1592"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}