Log4j has been popular recently for the recent news about the 0-day that affects a large number of servers on the internet. On December 10th, experts in the industry have discovered this serious vulnerability being touted as Log4Shell, funnily enough, was initially used by hackers to have fun on Minecraft servers. Hackers have been exploiting Minecraft servers with this vulnerability at least since December 1st of this year.
Log4Shell is the vulnerability in the popular logging package, Apache Log4j 2. This package is a popular logging library used in a lot of well-known Java applications for error message logging and performance monitoring. This vulnerability allows for remote code which can allow arbitrary code execution, which of course is as scary as it sounds. Thankfully, Apache has pushed out a patch fixing this vulnerability CVE-2021-44228, however as great as this sounds left part of vulnerability still unpatched and working. This has resulted in a new report titled CVE-2021-45046. However with both of these patches out, Apache has also pushed out a third patch, CVE-2021-45105, which according to the description of the CVE report,
Apache has given the severity of this vulnerability a CVSS score of 10/10, so if your servers have still not been patched against this vulnerability, which I doubt, you should update to the latest version if possible and as fast as possible.
The exploit allows a remote attacker to send a malicious request to a server running a vulnerable version of Log4j. After this malicious request is sent, the payload from the request gets remotely executed on the server allowing for an attacker to start a reverse shell.
The ease that this exploit can be executed is one of the largest factors that is adding to the severity of the exploit. There are no advanced skills needed and a person with almost no skill is able to take a malicious string from anywhere on the internet.
|CVE-2021-45105||This causes an uncontrolled recursion event and in return triggers an eventual denial-of-service attack|
|CVE-2021-45046||Allows an attacker to execute remote code on exploitable servers|
|CVE-2021-44228||Allows an attacker to execute remote code on exploitable servers using the basic message lookup function of Log4j|
To ensure that you are protected against Log4j make sure you update the software and libraries that you or your company uses. Don't be that one company that ends up on the news for not patching the software from a well-known vulnerability until it is too late.
Copyright © Brandon-travis.com 2022.