New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild
The critical zero-day vulnerability (CVE-2021-44228) exploiting Apache Log4J, the popular java open source logging library used in countless worldwide applications, has been discovered in-the-wild. This maximum severity vulnerability has been identified as ‘Log4Shell’, which, if exploited, could permit a remote attacker to take control of vulnerable systems and execute arbitrary code remotely.
The discovered flaw must be taken very seriously due to its ease of exploitation and the sheer number of affected enterprise applications and cloud services. As of this writing, CVE-2021-44228 ranks as the most high-profile security vulnerability circulating the Internet with a severity score of 10, the maximum severity rating possible.
Apache addressed this vulnerability by releasing a patch and security advisory with mitigation details.
What is Apache Log4J “Log4Shell” vulnerability?
Log4j is an open-source Java-based logging utility in the Apache Logging Services. Logging untrusted or user-controlled data with a vulnerable version of Log4J may result in Remote Code Execution (RCE) against your application. This includes untrusted data provided in logged errors such as exception traces, authentication failures, and other unexpected vectors of user-controlled input.
New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild
Invulnerable Log4j, an unauthenticated, remote attacker, could exploit it by sending a specially crafted JNDI injection request to a target server and writing in a log file, leading to arbitrary code execution. This allowed attackers to inject malicious payloads from LDAP servers or other JNDI services such as DNS, RMI, NIS, NDS, CORBA, and IIOP when the message lookup mechanism is enabled.
Impacted Log4j versions: All versions from 2.0-beta9 to 2.14.1
Severity: Critical
Why is the “Log4Shell” vulnerability critical?
An unauthenticated, remote attacker can exploit this vulnerability in simple web requests that target identified vulnerable systems. Successful exploitation could lead to arbitrary code execution, and the attacker can take complete control of the system.
Apache Log4j is widely used in cloud and enterprise software services, so publicly available exploits code, easy exploitations & detection evasions techniques make this vulnerability very dangerous.
Mitigation of “Log4Shell”
Immediately update Apache Log4j to 2.15.0 or above from here.
Disable JNDI lookup by set system property log4j2.formatMsgNoLookups to “true” or set Environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=”true”.
Please refer to Vendor Advisory.
Update the Network security solutions and endpoints with the latest definitions
Thirtyseven4 Coverage for “Log4Shell”
We have released IPS rules to identify and block remote attacks exploiting vulnerable Log4j installations. We’ll continue monitoring the developments around this threat. We advise all our customers to patch their systems properly and keep the anti-virus software updated with the latest VDB updates.
Thirtyseven4, LLC is dedicated to serving customers with a full palette of security solutions including AntiVirus, AntiMalware, Anti-Ransomware and Zero-Day Threat Protection.