- This robot vacuum has a side-mounted handheld vacuum and is $380 off for Black Friday
- This 2 TB Samsung 990 Pro M.2 SSD is on sale for $160 this Black Friday
- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
Anomali Threat Research: Apache Log4j 2 Vulnerability
A critical vulnerability, registered as CVE-2021-44228 (Log4Shell), has been identified in Apache Log4j 2, which is an open source Java package used to enable logging in.[1] The vulnerability was discovered by Chen Zhaojun of Alibaba in late November 2021, reported to Apache, and subsequently released to the public on December 10, 2021.[2]
The Apache Software Foundation (ASF) rates CVE-2021-44228 as a 10 on the common vulnerability scoring system (CVSS) scale.[3] Log4Shell is a remote code execution (RCE) vulnerability that is exploited via improper deserialization of user input that is sent into the Log4j package framework.[4] Specifically, the vulnerability is located in the JNDI component of the LDAP connector.[5] A threat actor’s objective is to trick JNDI into connecting to an threat actor-controlled directory.[6] However, the exploitation reliability of Log4Shell is dependent on how the package is implemented.
Affected versions: log4j version 2.0-beta9 to version 2.14.1.
Attack Complexity: Low.
Privileges Required: None.
User Interaction: Not required.
How Anomali Can Help
ThreatStream: The Anomali Threat Research team has released a ThreatStream dashboard “Log4Shell (CVE-2021-44228)” for tracking associated indicators, research articles, and vulnerable products. (shown in figure below.)
Integrator: Customers can use Anomali Integrator to block specific IOCs in their downstream security integrations.
Match: Match can provide alerting and retrospective lookup capabilities to detect and contextualize matches for these indicators.
For more information, reach out to your Customer Success Manager.
Endnotes
[1] “CVE-2021-44228 Detail,” NVD NIST, access December 13, 2021, published December 10, 2021https://nvd.nist.gov/vuln/detail/CVE-2021-44228; Free Wortley, et al., “Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package,” LunaSec, accessed December 13, 2021, published December 12, 2021, https://www.lunasec.io/docs/blog/log4j-zero-day/.
[2] Jake King and Samir Bousseaden, “Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security,” Elastic NV, accessed December 13, published December 10, 2021, https://www.elastic.co/blog/detecting-log4j2-with-elastic-security.
[3] “CVE-2021-44228 Detail,” NVD NIST.
[4] Jake King and Samir Bousseaden, “Detecting Exploitation of CVE-2021-44228 (log4j2) with Elastic Security,” Elastic NV.
[5] “Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild,” Cisco Talos Blog, accessed December 13, 2021, published December 10, 2021, https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html.
[6] Hans-Martin Münch, “VULNERABILITY NOTES: LOG4SHELL,” Mogwai Labs, accessed December 13, 2021, published, December 10, 2021, https://mogwailabs.de/en/blog/2021/12/vulnerability-notes-log4shell/?s=09.