The Log4Shell vulnerability critically threatens anybody using the popular open-source Apache Struts framework and could lead to a “Mini internet meltdown soonish.”
An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j that allows unauthenticated remote code execution (RCE) and complete server takeover is being exploited in the wild.
Early Friday morning, the Cyber Emergency Response Team (CERT) of the Deutsche Telekom Group tweeted that it was seeing attacks on its honeypots coming from the Tor network as threat actors tried to exploit the new zero-day vulnerability, which is tracked as “Log4Shell” by LunaSec and as CVE-2021-44228.
🚨⚠️New #0-day vulnerability tracked under “Log4Shell” and CVE-2021-44228 discovered in Apache Log4j 🌶️‼️ We are observing attacks in our honeypot infrastructure coming from the TOR network. Find Mitigation instructions here: https://t.co/tUKJSn8RPF
— Deutsche Telekom CERT (@DTCERT) December 10, 2021
Ditto for CERT New Zealand and people who’ve piped up on Twitter to warn that they’re also seeing in-the-wild exploits.
This problem is going to cause a mini-internet meltdown, experts said, given that Log4j is incorporated into scads of popular frameworks, including Apache Struts2, Apache Solr, Apache Druid and Apache Flink. That exposes