Apache Log4j bug reveals new cyber threats
Cynet has issued a warning about a new zero-day vulnerability in the Apache Log4j Java-based logging library. The vulnerability is tracked as CVE-2021-44228.
Log4j, a Java-based logging utility, is part of the Apache Foundation’s Apache Logging Services project. It can perform lookups, such as system properties and Java Naming and Directory Interface (JNDI) lookups. A variety of apps and cloud providers use these services.
Cynet says CVE-2021-44228 is known by other names, such as LogJam and Log4Shell. If exploited, it can expose users and enterprises to an unauthenticated remote code execution (RCE) attack. The bug can also affect default configurations of multiple Apache frameworks including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.
By exploiting it, an attacker can do the following:
- Gain full control of a system and exfiltrate data from the affected servers.
- Gain full control of the affected server.
Currently no Cynet360 clients have been affected by this bug. Cynet’s team is working around the clock to create and deploy new detections and develop tools to determine if an asset is susceptible.
What does Cynet recommend?
- Apply Apache’s Log4j 2.15.0 to mitigate the vulnerability as soon as possible
- The flaw can be mitigated in previous releases (2.10 and later) by setting system property “log4j2.formatMsgNoLookups” to “true” or removing the JndiLookup class from the classpath.
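As an added example (not Cynet's or Apache's code), the following Python check reads a log4j-core jar and reports which of the recommendations above still applies to it: the release number against 2.15.0 and 2.10, and whether the JndiLookup class is still packaged. The function names and status strings are illustrative, and the sample jars are constructed in memory rather than taken from real Log4j builds.

```python
import io
import re
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 15, 0)          # release the article says to apply
NOLOOKUPS_MIN = (2, 10, 0)  # earliest release the article lists for formatMsgNoLookups


def read_version(zf):
    """Return (major, minor, patch) from pom.properties, or None if absent."""
    if POM_PROPS not in zf.namelist():
        return None
    text = zf.read(POM_PROPS).decode("utf-8", "replace")
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.MULTILINE)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None


def assess_jar(jar):
    """jar is a path or file object. Returns (version, has_jndi_class, status)."""
    with zipfile.ZipFile(jar) as zf:
        version = read_version(zf)
        has_jndi = JNDI_CLASS in zf.namelist()
    if version is None and not has_jndi:
        status = "not log4j-core"
    elif version is not None and version >= FIXED:
        status = "at fixed release"
    elif not has_jndi:
        status = "mitigated: JndiLookup class removed"
    elif version is not None and version >= NOLOOKUPS_MIN:
        status = "exposed: upgrade, set log4j2.formatMsgNoLookups=true, or remove JndiLookup"
    else:
        status = "exposed: upgrade or remove JndiLookup"
    return version, has_jndi, status


def make_sample_jar(version, with_jndi):
    """Constructed in-memory jar for the demo; not a real Log4j build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"groupId=org.apache.logging.log4j\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI_CLASS, b"")
    return buf


if __name__ == "__main__":
    for ver, jndi in [("2.14.1", True), ("2.14.1", False), ("2.8.2", True), ("2.15.0", True)]:
        print(ver, jndi, "->", assess_jar(make_sample_jar(ver, jndi))[2])
```

The check only inspects a standalone log4j-core jar; copies nested inside WAR or fat-jar archives would need to be unpacked first.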
For information on how we plan to keep your system safe from cyber threats, please contact our Vancouver or Austin office. If you would like additional information on the Log4Shell vulnerability, please check out Cynet’s website at: https://www.cynet.com/log4shell