If you’re experiencing an error looking up a JNDI resource, you should follow the steps below. In this article, we’ll take a look at why this happens, how to fix it, and what to do if you’re getting this error. If you’re seeing this error message, you may have one of three reasons. First, this vulnerability can be exploited by an attacker. If an attacker can find and execute the code, he can take control of your system.
Using an attacker-controlled JNDI resource is an attack vector. By manipulating the URL, he or she can cause a Java program to instantiate arbitrary code that he or she has access to. The vulnerability in the log4j package was discovered in 2013, when the “JNDILookup plugin” was added to the log4j package. The vulnerability can allow a malicious JNDI server to execute arbitrary Java code.