An update on the Apache Log4j vulnerability | Cloud-Based Platform AIONCLOUD


The Apache Software Foundation has released a security update that addresses vulnerabilities in Log4j (https://logging.apache.org/log4j) software. 

Apache Log4j, where the vulnerability was found, is a Java-based open-source logging utility that programs use to write log records.

Since attackers can take advantage of the vulnerability and cause damage such as malicious code infection, we strongly encourage users who manage environments containing Log4j to update to the latest version.

■ Affected versions

 o Apache Log4j 2
   - All versions from 2.0-beta9 to 2.14.1
 o Products that use Apache Log4j 2
    ※ If you use a product that includes Apache Log4j 2 (check the reference links), apply a patch or countermeasure according to the manufacturer's recommendation.

■  Log4j2 vulnerability update 

The update of December 10, 2021 provides the vulnerability patch in Log4j version 2.15.0, available at the following link.
https://logging.apache.org/log4j/2.x/download.html 

■ Log4j2 vulnerability mitigation

If it is difficult to apply the patch, take the following temporary measures.

-  Log4j versions 2.10 to 2.14.1
Change the value of the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.

-  Log4j versions 2.0-beta9 to 2.10.0
Remove the JndiLookup class as follows.
# zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
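
To see which of the two temporary measures above applies to each jar on a host, and whether the JndiLookup class is still inside it, a short audit script can walk a directory tree. This is an added example, not part of the original advisory or any MONITORAPP tool; the function names are illustrative and it assumes jars keep the upstream file name log4j-core-<version>.jar.

```python
import os
import re
import sys
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Assumption: jars keep the upstream file name log4j-core-<version>.jar
JAR_RE = re.compile(r"^log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$")

def parse_version(filename):
    """Return (major, minor, patch, pre) or None; pre is e.g. ("beta", 9)."""
    m = JAR_RE.match(filename)
    if not m:
        return None
    pre = (m.group(4), int(m.group(5))) if m.group(4) else None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0), pre

def recommended_measure(version):
    """Map a parsed version to the measure the advisory lists for its range."""
    release, pre = version[:3], version[3]
    early = pre and (pre[0] == "alpha" or (pre[0] == "beta" and pre[1] < 9))
    if release[0] != 2 or (release == (2, 0, 0) and early):
        return "outside advisory range"   # before 2.0-beta9, or not Log4j 2
    if release >= (2, 15, 0):
        return "patched"
    if release >= (2, 10, 0):             # 2.10.0 is listed under both measures
        return "set log4j2.formatMsgNoLookups=true"
    return "remove JndiLookup.class"

def jndi_lookup_present(jar_path):
    """True/False if the class is in the jar; None if the file is not a zip."""
    try:
        with zipfile.ZipFile(jar_path) as jar:
            return JNDI_CLASS in jar.namelist()
    except zipfile.BadZipFile:
        return None

def audit(root):
    """Return (file name, measure, JndiLookup present) for each jar under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            version = parse_version(name)
            if version is not None:
                path = os.path.join(dirpath, name)
                findings.append((name, recommended_measure(version), jndi_lookup_present(path)))
    return findings

if __name__ == "__main__":
    print(*audit(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```

Copies of log4j-core nested inside fat jars or WAR files are not inspected by this script.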

■ MONITORAPP products' vulnerability response status

Apache Log4j vulnerability has no effect on MONITORAPP products.

A detection pattern for attacks on this vulnerability has been applied to the WAF for detection and response. (Version distributed December 12, 2021)

Pattern Name : Apache Log4j Remote Code Execution - JNDI features 

• New Pattern Information – AIWAF, Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) Related Patterns

- v4.0.2 : Officially out of service as of July 1st 2020 

- v4.1.0 ~ v4.1.6 : W.3.0.124.0003_20211212_40ae24446210b0f68e3a6f138da54e44

- v5.0.0 ~ : W.5.0.024.0003_20211212_37dac25d8faf8d88f9af02177da1c0d7241b893b9848b16b15b2ca060ec7d388

Reference links
https://logging.apache.org/log4j/2.x/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
