Extremely critical vulnerability in the popular Apache Log4j library: CVE-2021-44228

Log4j CVE-2021-44228

Log4j is a popular Java library used as the logging framework in most applications. Apache Log4j 2 is vulnerable to remote code execution (RCE). The vulnerability is also known as Log4Shell, a zero-day exploit.

All Log4j 2 versions >= 2.0-beta9 and <= 2.14.1 are affected by this vulnerability.

An attacker sends a specially crafted request to an endpoint, over any protocol (HTTP, TCP, etc.), that writes a string from that request to the log. The payload triggers the Log4j vulnerability, and the server makes a request to a hacker-controlled website via the “Java Naming and Directory Interface” (JNDI).

The response contains a path to a remote Java class file, which is injected into the server process. This injected payload triggers a second stage and allows the attacker to execute arbitrary code. The important thing to understand is that the vulnerability is triggered if any part of the logged data contains an untrusted string.

In this way, an unauthenticated remote hacker could exploit this vulnerability and achieve RCE on a server running a vulnerable version of Log4j. Because many applications use Log4j for logging, many services are vulnerable to this exploit. Cloud services such as Apple iCloud have already been found to be vulnerable.

Mitigation

The simplest and most effective protection method is to install the most recent version of the library, 2.15.0.

If updating the library is not possible for some reason, the Apache Foundation recommends using one of the following mitigation methods. For Log4j versions from 2.10 to 2.14.1, it advises setting the log4j2.formatMsgNoLookups system property, or the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable, to true.

To protect earlier releases of Log4j (from 2.0-beta9 to 2.10.0), the library developers recommend removing the JndiLookup class from the classpath:

zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
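To decide which of these mitigations each log4j-core copy on a host still needs, the following added example (not part of the original article) reports whether a copy's version falls in the affected range given above and whether the JndiLookup class is still present, including copies nested inside WAR or fat-jar archives. Reading the version from the Maven pom.properties entry, and the function names used here, are assumptions of this example.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption of this example: the version is read from the jar's Maven metadata entry.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
PRE_RELEASE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # a final release sorts last

def version_key(version):
    """Sortable key for a Log4j 2 version; 2.0-beta9 orders before 2.0."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", version or "")
    if not m:
        return None
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch or 0), PRE_RELEASE[tag], int(num or 0))

def in_affected_range(version):
    """True if 2.0-beta9 <= version <= 2.14.1, None if the version is unknown."""
    key = version_key(version)
    return None if key is None else version_key("2.0-beta9") <= key <= version_key("2.14.1")

def scan_archive(data, label):
    """Yield (location, version, in_range, jndi_present) per log4j-core copy found."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            m = re.search(r"^version=(\S+)", props, re.M)
            version = m.group(1) if m else None
            yield (label, version, in_affected_range(version), JNDI_CLASS in names)
        for name in sorted(names):  # fat jars and WARs embed other jars
            if name.lower().endswith(ARCHIVE_EXT):
                yield from scan_archive(zf.read(name), f"{label}!{name}")

def scan_tree(root):
    """Scan every archive under root, recursing into nested archives."""
    paths = sorted(p for p in Path(root).rglob("*") if p.suffix.lower() in ARCHIVE_EXT and p.is_file())
    return [hit for p in paths for hit in scan_archive(p.read_bytes(), str(p))]

if __name__ == "__main__":
    for loc, ver, in_range, jndi in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{loc}: version={ver} in_affected_range={in_range} JndiLookup_present={jndi}")
```

A copy reported with in_affected_range=True and JndiLookup_present=False has had the class removed as described above; one with both True still needs an upgrade or one of the mitigations.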
