Its the message lookup feature in log4j is the culprit. Its the built-in JndiLookup plugin which is enabled by default . The message lookup was a bad idea that has other issues besides the one reported. 2.15.0 updates the configuration to disabling all message lookups (which is what it should have been). Many companies don't keep up with JDK updates (which disabled this from working awhile ago which relied on the ability to execute remote code over LDAP/RMI).
The exploit depends on a number of factors including which version of Java is hosting the web application, how open engress on network is, are you using default configuration. Basically if the host is running old versions of Java with a wide open network they are at risk. Also they must ignore best programming practices and log user input as-is (which unfortunately a lot of devs do).
Best practice is to sanitize untrusted user input before operation on it (including logging). The fact that log4j has a message lookup feature which is enabled by default was an incredibly stupid design decision but this mistake has been made before by others and its been open source forever and nobody caught it (or kept quite about it anyways).
From first paragraph. 16+ years old is fully FDA approved (not that means anything to me)
"the vaccine has been known as the Pfizer-BioNTech COVID-19 Vaccine, and will now be marketed as Comirnaty (koe-mir’-na-tee), for the prevention of COVID-19 disease in individuals 16 years of age and older."
This is bad news.
Umm are you replying to the right comment? I was referring to the COVID claims above.
The data is in. You have a 1 in 500 chance of being injured by the vaccine. You have a 1 in 19,000 chance of dying from the vaccine. Kids have a 1/2,500,000 chance of dying if they catch the Wuhan Virus
Those are bold claims and if true can be very powerful arguments but need to be precise on the source.
None of these are "indisputable facts". You made hypothesis yourself to try to explain what's going on; that's what people do. There are doctor's only sites saying exactly what is going in VAERS reports are happening to them verifying that something is going wrong that they haven't experienced before. You got an explanation for that ?
This isn't happen in a vacuum either. Look at all the other data points: every time this has gone to court they hide the date and lose. You are either being intentional ignorant or carrying water for someone I can't decide.
You ready to get down and dirty for this? Hiding something?
Covid vaccine maker Moderna received 300,000 reports of side effects after vaccinations over a three-month period following the launch of its shot, according to an internal report from a company that helps Moderna manage the reports.
That figure is far higher than the number of side effect reports about Moderna’s vaccine publicly available in the federal system that tracks such adverse events.
Vaccine manufacturers like Moderna are legally required to forward all side effect reports they receive to the Vaccine Adverse Events Reporting System, where they are made public each week.
Who is talking about babies?
I said 16-24 year olds who many scientists said would be problematic ages for this vaccine BEFORE it was released. You keep using extreme examples to discredit VAERS which to me is a smell that you might be a bad actor. You don't even have enough curiosity to peruse the data seems like your mind is completely made up that VAERS is 100% useless.
There are 11 other systems closed to the public. VAERS is our only insight into the process. And VAERS reports are followed up by CDC. Some of the reports make reference to that if you bothered to read one.
VAERS is in fact designed for US warts and all. It was negotiated as part of making VAX makers free from liability
Twitter (and just talking to people) has even lower barrier of entry (and much more garbage data) but where there is smoke there is fire. There is no example in history like this before. Why now? VAERS is canary in the coal mine wither you want to admit or not. Even if 5% is good data its very compelling stuff.
Sounds like I hit a nerve. Didn't you just say "Nobody is being evasive about the data.". It's called a lie by omission (I'm talking about Reuters here on the 3 points I made: 1) VAX makers must report, 2 its illegal to false report and 3) lack of disclosure for 30+ billion conflict of interest. So no they are not "absolutely" correct by neglecting to document these facts.
I partially agreed with what you said about VAERS but you act like nobody is allowed to make reasonable layperson observations like we are all a bunch of uneducated chimps. You also setup a straw man's argument using the 98 year old as example.
I gave concrete examples of healthy young people who did die after taking vaccine. That is a reasonable assumption I can make; there is no evidence of widespread false reporting like was stated in the article and inferred by you. I've read many many entries. Notice I didn't assert they died because of the vaccine because I don't know that for certain but its an interesting coincidence that is repeated.
You did make the same assertion for the second time however " but nothing in VAERS/the tip line is verified" How do you know this? Unless you have some insider baseball you aren't revealing?
You completely ignored that part of what I was saying. VAERS isn't perfect but they aren't giving us anything else. I'm pretty confident the real data is far more frightening.
Maybe you need to make some financial disclosures?
Fine you're right I cannot reach a definite conclusion but you have to admit that the media publishes misleading interpretations in the other direction.
Its clearly not 100% safe as was initially advertised and you can get COVID after taking vax (lies per Biden et al.). Look at the ARR rates. Not so impressive.
How do you explain this regarding the PCR test?
https://www.bitchute.com/video/OYSDWcfswgVb/ https://www.bitchute.com/video/bR5HF0hNzZvI/
I have a Fauci video somewhere where he says above 26 cycles is inconclusive. They regularly use 40+ cycles
By the same token every PCR test or anti-body test doesn't prove the patient was suffering from COVID either. Do you agree with that?
And how do you know that most of these cases went nowhere? Can you back that up or did you just make that up? I'm not making any additional claims besides what I said. They were the ones being evasive.
This extreme number of reports didn't happen during 2009 swine flu or any other year. Why now?
Also 45 deaths for ages 16-24 now. That exceeds the threshold where other vaccines were discontinued, e.g. Polio vax.
https://www.cdc.gov/vaccines/pubs/pinkbook/downloads/appendices/B/discontinued_vaccines.pdf
Those are small enough in number to read VAERS details. There's pretty damning stuff in there. I can provide IDs if you want. There's some high quality tips in there :)
Are they gonna provide the rest of the data to us? Police officers write reports....
Partially correct. Reuters neglected to point out (on the same link above https://vaers.hhs.gov/reportevent.html):
-
Vaccine manufacturers are required to report to VAERS all adverse events that come to their attention.
-
Knowingly filing a false VAERS report is a violation of Federal law (18 U.S. Code § 1001) punishable by fine and imprisonment.
Also look at the sheer number of recent reports compared to all previous 31 years. They aren't all fake or mis-attributed. Just read a couple at random many are incredibly detailed and complete. We don't have to be meteorologists to know when its raining.
Also where is the financial conflict of interest disclosure you usually see on these kind of reports? Hmmm....
Thanks for that info. I had thought scents were larger than viruses before you forced me to look it up. FYI covid is approx 100 nanometters. some scents are as small as 1-2 nanometers.
Cough droplets that carry virus are 0.62-15.9 micons (micrometers).
Typical mask if I recall correctly can only block 45micons.
The more you know...
Thanks that makes sense. However they have been calling it a "jab" in Europe for a long time far before COVID-19. I can see how they might consolidate terminology just seems like its been updating at a faster rate last few months.
Question: who threw the first punch(s)? From watching the video it seems like they arrested the right people to me unless there is more to the story. If someone skips you in line, if that's what happened, punching them isn't the appropriate response.
Also just because a woman attacks a man doesn't mean they get a free pass and may end up getting the short stick.
I partially agree with him about the "blow back" about US policies towards Central America. He's wrong about Trump calling everyone criminals. That's BS.
Read what Smedley Butler had to say about that.
Its against the law to fill a false VAERS report. Not that would stop everybody but it is somewhat a deterrent. I don't think there's alot of people who would file false reports anyways. Especially those detailed ones would be hard to fake.
Yeah I'm pissed at my brother because I'm pretty sure he told my 80 year old parents directly or indirectly that they cannot visit their son unless they got the "vaccine". Other reasons given by relatives was so they can go on vacations. It's madness.
Yes it has been very disappointing. People in my immediate family who claimed that they would never get it have gotten it. Peer pressure and media is a powerful persuader. Maybe we should flood local media and medical people with the facts and have them defend their positions and see if any of them still have a soul.
Apache HTTP server and log4j do not mix at all. log4j is used with Java based web application servers (e.g. Tomcat, Jetty, WebLogic ,etc). Apache is an open source organization that contributes to C, C++, Java based projects. Apache HTTP server is used to distribute content and/or centralize auth/security type settings. Its possible to host directly from Java webapplication server but most big corps don't.
log4j is used in a lot places because overall its high quality library. This is a big black eye for them due to feature creep IMO. I work in security and even this caught me by surprise. In retrospect I'm shocked this wasn't caught earlier but its been out in the open for years. Like I said before though to be successful it depends on a foundation that has been fixed for awhile so shame on companies for being too lazy to keep up with security patches in the OS or Java layers.