Remote Code Execution Vulnerability in Apache Java logging library Log4j (Severity: High)

Date: 10-12-2021
Vulnerability Name: Remote code execution in Apache Java logging library Log4j
Original Issue Date: December 10, 2021
Severity Rating: High
Systems Affected: Various implementations of Apache Log4j versions between 2.0 and 2.14.1
CVE Name: CVE-2021-44228

Overview

CERT-In has reported a vulnerability in the Apache Java logging library Log4j which could allow a remote attacker to gain full control of the targeted servers.

Description

This vulnerability exists in the Apache Java logging library Log4j due to the logging of user-controlled strings. A remote attacker could exploit this vulnerability by injecting a specially crafted malicious payload. Successful exploitation could allow the remote attacker to execute arbitrary code and gain full control of the targeted servers.

Note: This vulnerability is being actively exploited in the wild.

Solution
Apply the appropriate patches or mitigation steps published by the respective vendors:

Vendor Name: URL

Apache: https://logging.apache.org/log4j/2.x/security.html
CISCO: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
Microsoft: https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-forcve-2021-44228-log4j-2-exploitation/
Oracle: https://www.oracle.com/java/technologies/javase/products-doc-8u121-revision-builds-relnotes.html
Redhat: https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
Docker: https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
VMWare: https://kb.vmware.com/s/article/87092
AWS: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
Fortiguard: https://www.fortiguard.com/psirt/FG-IR-21-245
Paloalto Networks: https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
IBM: https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
Sophos: https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
Ubuntu: https://ubuntu.com/security/notices/USN-5192-1
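
To decide where the patches above are needed, the following added example (not part of this advisory or of any vendor's tooling) inventories log4j-core jars on disk and inside WAR/EAR/fat-jar archives, and flags those whose filename version falls in the affected range stated above (2.0 to 2.14.1). It assumes the jar keeps its standard log4j-core-<version>.jar filename, so renamed or shaded copies are not detected.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Affected range exactly as stated in this advisory: 2.0 through 2.14.1.
LOW, HIGH = (2, 0, 0), (2, 14, 1)
# Assumption: pre-release qualifiers (e.g. -beta9) are compared by numeric part only.
JAR_NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear")

def classify(name):
    """Return (version_tuple, affected) for a log4j-core jar name, else None."""
    m = JAR_NAME.search(name)
    if not m:
        return None
    version = tuple(int(p or 0) for p in m.groups())
    return version, LOW <= version <= HIGH

def scan_archive(data, label, depth=0):
    """Yield (location, version, affected) for log4j-core jars bundled in an archive."""
    if depth > 3:  # bound recursion into nested archives
        return
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; nothing to report
    with zf:
        for entry in zf.namelist():
            hit = classify(entry)
            if hit:
                yield f"{label}!{entry}", hit[0], hit[1]
            if entry.lower().endswith(ARCHIVES):
                yield from scan_archive(zf.read(entry), f"{label}!{entry}", depth + 1)

def scan_tree(root):
    """Walk root and report every log4j-core jar, standalone or bundled."""
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            hit = classify(path.name)
            if hit:
                yield str(path), hit[0], hit[1]
            yield from scan_archive(path.read_bytes(), str(path))

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for location, version, affected in scan_tree(root):
        print("AFFECTED" if affected else "ok", ".".join(map(str, version)), location)
```

Run it with the application or server installation directory as the only argument; each AFFECTED line names the archive path, using ! to separate nested archive levels.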


References

https://logging.apache.org/log4j/2.x/security.html

https://www.lunasec.io/docs/blog/log4j-zero-day/

https://github.com/tangxiaofeng7/apache-log4j-poc

https://www.randori.com/blog/cve-2021-44228/

https://www.crowdstrike.com/blog/log4j2-vulnerability-analysis-and-mitigation-recommendations

https://kc.mcafee.com/corporate/index?page=content&id=KB9509

https://cert-in.org.in/

KSITM

Saankethika,
Vrindavan Gardens,Pattom.P.O,
Thiruvananthapuram - 695004
Tel: +91 471 2525444, 2525430
admin.ksitm@kerala.gov.in