CVE-2021-44228 Scanner

Apache Log4j2 is a logging framework that offers many powerful features and a flexible configuration. It is widely used in Java-based applications and provides developers with the ability to log messages at different levels. Specifically, it allows logging to files, console output, network streams, and even databases. The straightforward APIs and the variety of appenders make it one of the most popular logging frameworks in the Java ecosystem.

Recently, a severe vulnerability code CVE-2021-44228 has been discovered in Apache Log4j2 versions ranging from 2.0-beta9 to 2.15.0, which can enable remote attackers to execute arbitrary code on an affected system. The flaw exists in the codebase for the JNDI (Java Naming and Directory Interface) features. This problem is primarily the result of the availability of these features to users without security checks, leading to an exploitation of the vulnerability through the use of user-supplied configuration files and log messages.

If left unaddressed, this vulnerability could lead to an attacker executing arbitrary code on the target system. Attackers can use this code to install malware, steal sensitive data, or use the system as part of a botnet. The security flaw is particularly impactful in environments where the JNDI-Lookup feature is enabled, as this can allow an attacker to execute malicious code by including it in the attribute values of a log message or the parameters of a method call. This can result in complete system compromise if the attack successfully exploits the vulnerability.

Thanks to the Pro features of Securityforeveryone.com, you can easily and quickly learn about vulnerabilities in your digital assets. The platform offers continuous monitoring, alerting, and expert guidance, enabling proactive risk management for your organization. Being proactive in your approach to security is the most effective way to prevent breaches and mitigate risks that may arise.

REFERENCES

• http://packetstormsecurity.com/files/165225/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/165260/VMware-Security-Advisory-2021-0028.html
• http://packetstormsecurity.com/files/165261/Apache-Log4j2-2.14.1-Information-Disclosure.html
• http://packetstormsecurity.com/files/165270/Apache-Log4j2-2.14.1-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/165281/Log4j2-Log4Shell-Regexes.html
• http://packetstormsecurity.com/files/165282/Log4j-Payload-Generator.html
• http://packetstormsecurity.com/files/165306/L4sh-Log4j-Remote-Code-Execution.html
• http://packetstormsecurity.com/files/165307/Log4j-Remote-Code-Execution-Word-Bypassing.html
• http://packetstormsecurity.com/files/165311/log4j-scan-Extensive-Scanner.html
• http://www.openwall.com/lists/oss-security/2021/12/10/1
• http://www.openwall.com/lists/oss-security/2021/12/10/2
• http://www.openwall.com/lists/oss-security/2021/12/10/3
• http://www.openwall.com/lists/oss-security/2021/12/13/1
• http://www.openwall.com/lists/oss-security/2021/12/13/2
• http://www.openwall.com/lists/oss-security/2021/12/14/4
• http://www.openwall.com/lists/oss-security/2021/12/15/3
• https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf
• https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf
• https://lists.debian.org/debian-lts-announce/2021/12/msg00007.html
• https://lists.fedoraproject.org/archives/list/[email protected]/message/VU57UJDCFIASIO35GC55JMKSRXJMCDFM/
• https://logging.apache.org/log4j/2.x/security.html
• https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
• https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
• https://security.netapp.com/advisory/ntap-20211210-0007/
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
• https://twitter.com/kurtseifried/status/1469345530182455296
• https://www.debian.org/security/2021/dsa-5020
• https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
• https://www.kb.cert.org/vuls/id/930724
• https://www.oracle.com/security-alerts/alert-cve-2021-44228.html