
A serious zero-day flaw in the Java Log4j library has already been exploited

A recently discovered zero-day vulnerability in the Apache Log4j log library is easy to exploit and could allow attackers to take full control of affected servers.

Identified as CVE-2021-44228, the vulnerability is classified as severe and allows unauthenticated remote code execution.

According to the New Zealand CERT (CERT-NZ), attackers are already exploiting this vulnerability.

CERT-FR has also posted a notice

CERT-FR has also posted an advisory on this security flaw. Analysts at Anssi indicate that “this vulnerability allows an attacker to trigger arbitrary code execution remotely if he has the ability to send data to an application that uses the log4j library to record the event.

“This attack can be carried out without being authenticated, for example by taking advantage of an authentication page that logs authentication errors. Proof of concept has already been published and exploit codes are likely to be developed rapidly.”

Systems and services that use the Apache Log4j library between versions 2.0 and 2.14.1 are affected, including many services and applications written in Java.

Anyone using Apache Struts is “probably vulnerable”

The vulnerability was first discovered in Minecraft, but researchers warn that cloud applications are also vulnerable. Log4j is also used in business applications, and many products are likely to be found vulnerable as more is learned about the flaw.

A blog post published by LunaSec researchers warns that anyone using Apache Struts is “probably vulnerable.”

“Given the ubiquity of this library, the impact of the exploit (total control of the server) and its ease of operation, the impact of this vulnerability is quite severe. We call it ‘Log4Shell’ for short,” says LunaSec.

What to do in the face of this threat?

Organizations can determine whether they are affected by examining the log files of all services that use the affected versions of Log4j. If those logs contain user-submitted character strings (CERT-NZ gives “jndi:ldap” as an example), they could be affected. To mitigate the vulnerability, users must set the log4j2.formatMsgNoLookups parameter to “true” by adding “-Dlog4j2.formatMsgNoLookups=true” to the JVM command that starts the application.

To prevent exploitation of the library, it is strongly recommended to upgrade Log4j to log4j-2.15.0-rc1.

“If you think you might be affected by CVE-2021-44228, Randori encourages you to pretend that you are and examine the logs of affected applications to identify unusual activity,” Randori cybersecurity researchers write in a blog post. “If an anomaly is discovered, we recommend that you assume that it is an active incident, that it has been compromised, and that you respond accordingly.”

Source: .com
