inventiveinnovationtag
Skip links
cyber security 1914950 1280

Cybersecurity experts discover new zero-day vulnerability

Apache Log4j bug reveals new cyber threats

Cynet has issued a warning about a new zero-day vulnerability in the Apache Log4j Java-based logging library.  This discovery has been tracked under the name CVE-2021-44228.

Log4j, a Java-based logging utility, is part of the Apache Foundation’s Apache Logging Services project. It allows the ability to perform lookups, such as system properties and  Java Naming and Directory Interface (JNDI). A variety of apps and cloud providers utilize these services.

Cynet says CVE-2021-44228 is known by other names, such as LogJam and Log4Shell. If exploited, it can expose users and enterprises to an unauthenticated remote code execution (RCE) attack. The bug can also affect default configurations of multiple Apache frameworks including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc.

With the exploitation, an attacker can do the following:

  • Gain full control of a system and exfiltrate data from the affected servers.
  • Grants the attacker with full control on the affected server

Currently no Cynet360 clients have been affected by this bug. Cynet’s team is working around the clock to create and deploy new detections and develop tools to determine if an asset is susceptible.

What does Cynet recommend?

  • Apply Apache’s Log4j 2.15.0 to mitigate the vulnerability as soon as possible
  • The flaw can be mitigated in previous releases (2.10 and later) by setting system property “log4j2.formatMsgNoLookups” to “true” or removing the JndiLookup class from the classpath.

For information on how we plan to keep your system safe from cyber threats, please contact our Vancouver or Austin office. If you would like additional information on the Log4Shell vulnerability, please check out Cynet’s website at:https://www.cynet.com/log4shell

Share the Post:

Related Posts

This Headline Grabs Visitors’ Attention

A short description introducing your business and the services to visitors.
sinagle post cta img