Overview
A critical vulnerability was found in the Java logging library log4j, which allows an attacker to perform Remote Code Execution (RCE).
Description
The RCE vulnerability resides in the Java logging library log4j and can be exploited by logging a certain string or by sending a specially crafted payload. By successfully exploiting this vulnerability, a remote attacker could gain full control of the targeted servers.
Impact
● Execution of payloads and malicious commands
● Can be exploited without authentication
● Remote access to the computer through the Minecraft server
● Sensitive information exposure
Solution/Workarounds
Apply the appropriate patches or mitigation steps published by the affected vendors. Refer to the advisories below:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/
https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
https://www.fortiguard.com/psirt/FG-IR-21-245
https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
https://kb.vmware.com/s/article/87092
https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009
https://www.oracle.com/java/technologies/javase/products-doc-8u121-revision-builds-relnotes.html
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
https://logging.apache.org/log4j/2.x/security.html
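Before the vendor guidance above can be applied, every copy of the library on a host has to be found, including copies bundled inside application archives. The following Python script is an added example, not part of the original advisory or of any vendor tool: it lists archives, including JARs nested inside fat JARs and WARs, that contain log4j 2.x's JndiLookup class. The class path, the extension list and the depth and size limits are assumptions of this example; a hit marks a copy to check against the advisories, not a confirmed vulnerable version.

```python
import io
import sys
import zipfile
from pathlib import Path

# Path suffix of the JNDI lookup class shipped in log4j-core 2.x. Matching on
# the suffix also catches copies relocated ("shaded") under another package.
JNDI_SUFFIX = "log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5                    # assumed limit on archive-in-archive nesting
MAX_INNER_BYTES = 256 * 2**20    # assumed cap on nested archives read into memory


def scan_archive(data, label, depth=0):
    """Return labels of archives (at any nesting level) holding the JNDI class."""
    hits = []
    try:
        with zipfile.ZipFile(data) as zf:
            for info in zf.infolist():
                name = info.filename
                if name.endswith(JNDI_SUFFIX) and label not in hits:
                    hits.append(label)
                elif (depth < MAX_DEPTH
                      and name.lower().endswith(ARCHIVE_EXTS)
                      and info.file_size <= MAX_INNER_BYTES):
                    inner = io.BytesIO(zf.read(info))
                    hits += scan_archive(inner, f"{label}!/{name}", depth + 1)
    except (zipfile.BadZipFile, OSError, RuntimeError):
        pass  # corrupt, unreadable or encrypted archive: skipped, not a hit
    return hits


def scan_tree(root):
    """Walk a directory tree and scan every Java archive found under it."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXTS:
            hits += scan_archive(path, str(path))
    return hits


if __name__ == "__main__":
    for hit in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(hit)
```

Class files unpacked directly on disk (for example in an exploded WAR) are not archives and are outside what this script inspects.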
Reference
● https://www.zdnet.com/article/security-warning-new-zero-day-in-the-log4j-java-library-is-already-being-exploited/
● https://www.lunasec.io/docs/blog/log4j-zero-day/
● https://thehackernews.com/2021/12/apache-log4j-vulnerability-log4shell.html
● https://www.cert-in.org.in
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.