The Apache Software Foundation has released a fix to include Actively Be exploited A zero-day vulnerability affecting the widely used Java-based Apache Log4j logging library can be weaponized to execute malicious code and allow complete takeover of vulnerable systems.
Track as CVE-2021-44228 And the problem called Log4Shell or LogJam involves the case of unauthenticated remote code execution (RCE) on any application that uses open source utilities and affects versions Log4j 2.0-beta9 to 2.14.1. The vulnerability in the CVSS rating system scored 10 points out of 10 points, indicating the severity of the problem.
“An attacker who can control log messages or log message parameters can execute LDAP The server when the message search and replace is enabled,” Apache Foundation Say In consultation. “Starting with Log4j 2.15.0, this behavior has been disabled by default.”
Vulnerabilities can be exploited through a single text string. If recorded through a vulnerable Log4j instance, it can trigger the application to access a malicious external host, effectively granting the attacker the ability to retrieve the payload from a remote server and execute it locally . The project maintainer believes that Chen Zhaojun of the Alibaba Cloud security team has discovered this problem.
Log4j is used as various logging packages Popular software By a Number of manufacturers, Including Amazon, Apple iCloud, Cisco, Cloud flare, Elastic search, Red Hat, Steam, Tesla, Twitter, and video games, such as my world. In the latter case, the attacker has been able to Get RCE on Minecraft server Just paste the specially crafted message into the chat box.
Huge attack surface
“The Apache Log4j zero-day vulnerability is probably the most serious vulnerability we have seen this year,” said Bharat Jogi, senior manager of vulnerabilities and signatures at Qualys. “Log4j is a ubiquitous library used by millions of Java applications to log error messages. This vulnerability is easy to exploit.”
Cyber Security Company Bit guard, Cisco Talos, Huntress Lab, and Sonar Have all confirmed evidence Large-scale scan Affected applications in the wild for vulnerable servers and attacks registered against their honeypot network Availability Proof of concept (Proof of concept) Development. “This is a low-skilled attack that is very simple to execute,” said Ilkka Turunen of Sonatype.
GreyNoise, compares defects to Shell shock,said Observed malicious activity For vulnerabilities starting on December 9, 2021. Web infrastructure company Cloudflare famous It blocked approximately 20,000 exploit requests every minute at around 6:00 PM UTC on Friday, most of which came from Canada, the United States, the Netherlands, France, and the United Kingdom
Given that Log4j is easy to use and popular in enterprise IT and DevOps, Field attack It is expected that the number of vulnerable servers will increase in the next few days, so the vulnerability must be addressed immediately. The Israeli cyber security company Cybereason also released a report titled “Log out of 4Shell“By using the vulnerability itself to reconfigure the recorder and prevent further exploitation attacks to compensate for the shortcomings.
“This Log4j (CVE-2021-44228) vulnerability is very serious. Millions of applications use Log4j for logging. All an attacker needs to do is make the application log a special string,” security expert Marcus Hutchins Say In a tweet.
