- Why the iPad Mini 7 is the ultraportable tablet to beat this holiday travel season - and it's $50 off
- The best iPads for college: Expert tested and reviewed
- One of the best mid-range sports watches I've tested is on sale for Black Friday
- This monster 240W charger has features I've never seen on other accessories (and get $60 off this Black Friday)
- This laptop power bank has served me well for years, and this Black Friday deal slashes the price in half
Anomali Threat Research: Apache Log4j 2 Vulnerability
A critical vulnerability, registered as CVE-2021-44228 (Log4Shell), has been identified in Apache Log4j 2, which is an open source Java package used to enable logging in.[1] The vulnerability was discovered by Chen Zhaojun of Alibaba in late November 2021, reported to Apache, and subsequently released to the public on December 10, 2021.[2]
The Apache Software Foundation (ASF) rates CVE-2021-44228 as a 10 on the common vulnerability scoring system (CVSS) scale.[3] Log4Shell is a remote code execution (RCE) vulnerability that is exploited via improper deserialization of user input that is sent into the Log4j package framework.[4] Specifically, the vulnerability is located in the JNDI component of the LDAP connector.[5] A threat actor’s objective is to trick JNDI into connecting to an threat actor-controlled directory.[6] However, the exploitation reliability of Log4Shell is dependent on how the package is implemented.
Affected versions: log4j version 2.0-beta9 to version 2.14.1.
Attack Complexity: Low.
Privileges Required: None.
User Interaction: Not required.
How Anomali Can Help
ThreatStream: The Anomali Threat Research team has released a ThreatStream dashboard “Log4Shell (CVE-2021-44228)” for tracking associated indicators, research articles, and vulnerable products. (shown in figure below.)
Integrator: Customers can use Anomali Integrator to block specific IOCs in their downstream security integrations.
Match: Match can provide alerting and retrospective lookup capabilities to detect and contextualize matches for these indicators.
For more information, reach out to your Customer Success Manager.
Endnotes
[1] “CVE-2021-44228 Detail,” NVD NIST, access December 13, 2021, published December 10, 2021https://nvd.nist.gov/vuln/detail/CVE-2021-44228; Free Wortley, et al., “Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package,” LunaSec, accessed December 13, 2021, published December 12, 2021, https://www.lunasec.io/docs/blog/log4j-zero-day/.
[2] Jake King and Samir Bousseaden, “Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security,” Elastic NV, accessed December 13, published December 10, 2021, https://www.elastic.co/blog/detecting-log4j2-with-elastic-security.
[3] “CVE-2021-44228 Detail,” NVD NIST.
[4] Jake King and Samir Bousseaden, “Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security,” Elastic NV.
[5] “Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild,” Cisco Talos Blog, accessed December 13, 2021, published December 10, 2021, https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html.
[6] Hans-Martin Münch, “VULNERABILITY NOTES: LOG4SHELL,” Mogwai Labs, accessed December 13, 2021, published, December 10, 2021, https://mogwailabs.de/en/blog/2021/12/vulnerability-notes-log4shell/?s=09.
