Log4j Vulnerability Guidance

Log4j Exploit Map (source: https://www.govcert.ch/)

Log4j Mitre Tactics and Techniques

Initial Access
  • T1190 — Exploit Public-Facing Application

Execution
  • T1203 — Exploitation for Client Execution
  • T1059 — Command and Scripting Interpreter

Lateral Movement
  • T1021 — Remote Services
  • T1003.008 — OS Credential Dumping: /etc/passwd and /etc/shadow

Impact
  • T1496 — Resource Hijacking
  • T1498 — Network Denial of Service

Remediation

To remediate these vulnerabilities on systems that use affected versions of Log4j, you must apply the latest security updates.

CVE-2021-45105: Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.

CVE-2021-44832: Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.

Actions

  • Review Apache’s Log4j Security Vulnerabilities page for additional information and, if appropriate, apply the provided workaround.
  • Apply available patches immediately (at the time of writing, the latest release of Apache Log4j is 2.17.1).
  • Prioritize patching: mission-critical systems first, then internet-facing systems and networked servers.
  • Conduct a security review to determine whether there is a security concern or a compromise.
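A triage helper for the patching actions above, added here as an example (it is not the article's or Apache's code): it finds log4j-core jars under a directory and classifies each one against the version ranges quoted in this guidance. It assumes the script name log4j_triage.py, the pom.properties path that Maven writes into log4j-core jars, and one fix release (2.3.1) taken from Apache's advisory rather than from this article.

```python
"""Classify log4j-core jars under a directory against the affected ranges quoted above (added example)."""
import re
import sys
import zipfile
from pathlib import Path

PRE = {'alpha': 0, 'beta': 1, 'rc': 2}  # pre-releases sort before the final build (rank 3)
POM = 'META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties'  # written by Maven into the jar

def parse_version(text):
    """'2.0-alpha1' -> (2, 0, 0, 0, 1); '2.16.0' -> (2, 16, 0, 3, 0); tuples compare in release order."""
    m = re.fullmatch(r'(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?', text)
    if not m:
        raise ValueError(f'unrecognised log4j version: {text!r}')
    major, minor, patch, tag, num = m.groups()
    return (int(major), int(minor), int(patch or 0), PRE.get(tag, 3), int(num or 0))

# (CVE, first affected, last affected, fix release per branch) as quoted in the text; 2.3.1 is the
# Java 6 fix release from Apache's advisory for CVE-2021-45105 and is not quoted in this article.
ADVISORIES = [
    ('CVE-2021-45105', '2.0-alpha1', '2.16.0', ['2.17.0', '2.12.3', '2.3.1']),
    ('CVE-2021-44832', '2.0-beta7', '2.17.0', ['2.17.1', '2.12.4', '2.3.2']),
]

def assess(version):
    """Return the CVEs from ADVISORIES that still apply to a log4j-core version string."""
    v, hits = parse_version(version), []
    for cve, low, high, fixes in ADVISORIES:
        in_range = parse_version(low) <= v <= parse_version(high)
        # a version on a fixed branch (same major.minor) at or past that branch's fix release is patched
        patched = any(v[:2] == f[:2] and v >= f for f in map(parse_version, fixes))
        if in_range and not patched:
            hits.append(cve)
    return hits

def version_from_name(name):
    # 'log4j-core-2.14.1.jar' -> '2.14.1'; None for anything else (api jars, sources jars, other libraries)
    m = re.fullmatch(r'log4j-core-(\d+\.\d+(?:\.\d+)?(?:-(?:alpha|beta|rc)\d+)?)\.jar', name)
    return m.group(1) if m else None

def version_from_jar(path):
    # prefer the version Maven recorded inside the archive: this also catches shaded/uber jars
    try:
        with zipfile.ZipFile(path) as z:
            m = re.search(rb'^version=(.+)$', z.read(POM), re.M)
        return m.group(1).decode().strip() if m else version_from_name(Path(path).name)
    except (KeyError, zipfile.BadZipFile, OSError):
        return version_from_name(Path(path).name)

if __name__ == '__main__':  # usage: python log4j_triage.py /path/to/deployment
    for jar in Path(sys.argv[1]).rglob('*.jar'):
        if version := version_from_jar(jar):
            print(jar, version, ', '.join(assess(version)) or 'not affected')
```

Versions that reach the end of the affected range on a branch without a listed fix (for example 2.0-beta9) are reported as affected for both CVEs, which is the conservative answer when deciding patch priority.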

Mehmet Fatih KOCALAR

Cyber/Information Security