New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild

New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild

A critical zero-day vulnerability (CVE-2021-44228) recently discovered Apache Log4J, the popular java open source logging library used in countless worldwide applications.

The maximum severity vulnerability has been identified as ‘Log4Shell’, which, if exploited, could permit a remote attacker to take control of vulnerable systems and execute arbitrary code remotely.

According to some security researchers, the flaw is the most serious discovered in the past decade due to its ease of exploitation and the sheer number of affected enterprise applications and cloud services. It is the most high-profile security vulnerability on the internet right now and comes with a severity score of 10, the maximum severity rating possible.

Apache addressed this vulnerability by releasing a patch and security advisory with mitigation details.

What is Apache Log4J “Log4Shell” vulnerability?

Log4j is an open-source Java-based logging utility in the Apache Logging Services. Logging untrusted or user-controlled data with a vulnerable version of Log4J may result in Remote Code Execution (RCE) against your application. This includes untrusted data provided in logged errors such as exception traces, authentication failures, and other unexpected vectors of user-controlled input.

Invulnerable Log4j, an unauthenticated, remote attacker, could exploit it by sending a specially crafted JNDI injection request to a target server and writing in a log file, leading to arbitrary code execution. This allowed attackers to inject malicious payloads from LDAP servers or other JNDI services such as DNS, RMI, NIS, NDS, CORBA, and IIOP when the message lookup mechanism is enabled.

  • Impacted Log4j versions: All versions from 2.0-beta9 to 2.14.1
  • Severity: Critical

Why is the “Log4Shell” vulnerability critical?

An unauthenticated, remote attacker can exploit this vulnerability in simple web requests that target identified vulnerable systems. Successful exploitation could lead to arbitrary code execution, and the attacker can take complete control of the system.

Apache Log4j is widely used in cloud and enterprise software services, so publicly available exploits code, easy exploitations & detection evasions techniques make this vulnerability very dangerous.

 

Mitigation of “Log4Shell”

  • Immediately update Apache Log4j to 2.15.0 or above from here.
  • Disable JNDI lookup by set system property log4j2.formatMsgNoLookups to “true” or set Environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=”true”.
  • Please refer to Vendor Advisory.
  • Update the Network security solutions and endpoints with the latest definitions

 

Quick Heal Coverage for “Log4Shell”

We have released IPS rules to identify and block remote attacks exploiting vulnerable Log4j installations. We’ll continue monitoring the developments around this threat and improve our detections if needed. We advise all our customers to patch their systems properly and keep the anti-virus software updated with the latest VDB updates.

 

The post “New Apache Log4j ‘Log4Shell’ Zero-Day Being Exploited in the Wild” appeared first on Quick Heal Antivirus Blog

Source:Quick Heal Antivirus Blog – Quickheal