All You Need to Know About the New Zero-Day Found in the Log4j Java Library

Log4j 2 is a Java logging library that is open source and extensively used in a variety of software applications and services throughout the world. The flaw gives threat actors the potential to take control of any Java-based, internet-facing server and launch Remote Code Execution (RCE) attacks.

What Happened?

Proof-of-concept exploits for a significant zero-day vulnerability discovered in the widely used Apache Log4j Java-based logging library were distributed online, exposing both home users and businesses to continuing remote code execution assaults.

The vulnerability, officially tagged as CVE-2021-44228 and called Log4Shell or LogJam, is an unauthenticated RCE vulnerability that allows total system takeover on systems running Log4j 2.0-beta9 through 2.14.1.

 An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

Source

On November 24, Alibaba Cloud’s security team reported it to Apache. CVE-2021-44228 also affects the default setups of several Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others.

Vulnerability exploitation does not require a special configuration. After verification by the Alibaba Cloud security team, Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc. are all affected. 

Alibaba Cloud Emergency Response

Read More: https://heimdalsecurity.com/blog/all-you-need-to-know-about-the-new-zero-day-found-in-the-log4j-java-library/