Log4j Vulnerability Information
<blockquote data-quote="MJ Shoer" data-source="post: 2448" data-attributes="member: 3"><p>Here is the original threat report that was issued Friday, December 10, 2021 at 10:45 AM EST:</p><p></p><h3><a href="https://forum.comptiaisao.org/resources/a-zero-day-exploit-for-log4j-java-library-could-have-a-tsunami-impact-on-it-giants.1209/" target="_blank"><span style="color: rgb(251, 160, 38)">Severity: Medium</span> <span style="color: rgb(65, 168, 95)">TLP: Green</span> A Zero-day Exploit for Log4j Java Library Could Have a Tsunami Impact on IT Giants</a></h3><p></p><p><strong>Summary</strong>:</p><p>“Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked as CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library. The Chinese security researcher p0rz9 who publicly disclosed the PoC exploit code revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups option is set to false” (<a href="https://securityaffairs.co/wordpress/125480/hacking/log4j-java-library-zeroday.html" target="_blank">Security Affairs, 2021</a>).</p><p></p><p>The Log4j is widely used by both enterprise apps and cloud services, including Apple iCloud and Steam.</p><p></p><p><strong>Analyst Comments:</strong></p><p>The vulnerability was assigned CVE-2021-44228; it allows an unauthenticated attacker to execute arbitrary code on a vulnerable system leading to complete system takeover.</p><p></p><p>Most alarming, the vulnerability does not require any special configurations, which is why it received a CVSS score of 10/10. Apache Struts2, Apache Solr, Apache Druid, Apache Flink are all affected by this vulnerability. Open-source projects like ElasticSearch, Elastic Logstash, Redis, and the NSA’s Ghidra also use the library.</p><p></p><p>“IT giants like Apple, Amazon, Twitter, Cloudflare, Steam, Tencent, Baidu, and NetEase are running servers potentially affected by the issue. 
Researchers from Bad Packets are already observing mass scanning activity for this vulnerability. Lunasec, who tracked this vulnerability as LogJam, confirmed the wide impact of this issue” (<a href="https://securityaffairs.co/wordpress/125480/hacking/log4j-java-library-zeroday.html" target="_blank">Security Affairs, 2021</a>).</p><p></p><p><strong>Mitigation</strong>:</p><p>Apache addressed the issue with the release of a Log4j release candidate version (2.15.0-rc1), but security researchers already discovered a bypass and urge impacted organizations to update to the latest RC build log4j-2.15.0-rc2.</p><p></p><p><strong>Source</strong>:</p><p><a href="https://securityaffairs.co/wordpress/125480/hacking/log4j-java-library-zeroday.html" target="_blank">https://securityaffairs.co/wordpress/125480/hacking/log4j-java-library-zeroday.html</a></p></blockquote><p></p>
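<p>An added example, not part of the quoted report or of any Apache tooling: a defender-side inventory check that finds every bundled copy of log4j-core under a directory, including copies nested inside fat JARs and WARs, and flags those older than the 2.15.0 line named under Mitigation. The function names, the nesting depth limit and the assumption that an rc1 build reports itself as "2.15.0-rc1" are choices made for this example.</p>

```python
import io
import os
import re
import zipfile

# Maven metadata path that log4j-core JARs carry (standard Maven archive layout).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)            # release line named in the report's Mitigation section
BYPASSED = {"2.15.0-rc1"}     # candidate the report says was bypassed (assumed tag format)
ARCHIVES = (".jar", ".war", ".ear")


def needs_update(raw):
    """True if a version string is older than FIXED or is a bypassed candidate."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", raw)
    if not m:
        return True  # unparseable metadata: flag for manual review
    return tuple(int(x or 0) for x in m.groups()) < FIXED or raw in BYPASSED


def scan_archive(data, label, depth=0, max_depth=4):
    """Yield (location, version, needs_update) for each log4j-core copy found,
    descending into nested archives (fat JARs, WARs) up to max_depth."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        for name in zf.namelist():
            if name == POM:
                text = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(\S+)", text, re.MULTILINE)
                raw = m.group(1) if m else "unknown"
                yield label, raw, needs_update(raw)
            elif name.lower().endswith(ARCHIVES) and depth < max_depth:
                yield from scan_archive(zf.read(name), f"{label}!/{name}",
                                        depth + 1, max_depth)


def scan_tree(root):
    """Walk a directory and scan every archive file beneath it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower().endswith(ARCHIVES):
                path = os.path.join(dirpath, fn)
                with open(path, "rb") as fh:
                    findings.extend(scan_archive(fh.read(), path))
    return findings
```

<p>Copies that were repackaged without their Maven metadata are not detected by this check and need a class-level search instead.</p>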