January 18, 2022

TheCyberThrone

Thinking Security ! Always

Log4J Exploit Mitigation Incomplete !

Critical Log4j Vulnerability Affects Millions of Applications - Lansweeper

A second vulnerability involving Apache Log4j was found after experts spent days attempting to patch or mitigate CVE-2021-44228.

The description of the new vulnerability, CVE-2021-45046, says the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete in certain non-default configurations.” This could allow attackers to craft malicious input data using a JNDI Lookup pattern, resulting in a denial-of-service (DoS) attack.


JNDI, short for Java Naming and Directory Interface, is a Java API that enables Java applications to look up data and resources such as LDAP servers. Log4Shell resides in the Log4j library, an open-source, Java-based logging framework commonly incorporated into Apache web servers.

Apache has already released a patch, Log4j 2.16.0, for this issue. The CVE says Log4j 2.16.0 fixes the problem by removing support for message lookup patterns and disabling JNDI functionality by default. It notes that the issue can be mitigated in prior releases by removing the JndiLookup class from the classpath.
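To check which of the two remedies above (upgrade to 2.16.0, or remove the JndiLookup class) applies to a given application, the following added example, which is not from the original article or the Log4j project, scans a jar/war/ear and any archives nested inside it. It assumes log4j-core copies carry the standard Maven `pom.properties`; the function names are hypothetical and the sample archive is constructed in memory.

```python
import io
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 16, 0)  # release the article names as the fix

def parse_version(props_text):
    """Extract (major, minor, patch) from pom.properties text, or None."""
    for line in props_text.splitlines():
        if line.startswith("version="):
            core = line.split("=", 1)[1].strip().split("-")[0]  # drop -SNAPSHOT etc.
            nums = [int(p) for p in core.split(".")[:3] if p.isdigit()]
            return tuple(nums + [0] * (3 - len(nums)))
    return None

def scan_archive(data, name, depth=0):
    """Return [(path, version, status)] for log4j-core copies in an archive (bytes)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if POM_PROPS in names or JNDI_CLASS in names:
            version = parse_version(zf.read(POM_PROPS).decode("latin-1")) if POM_PROPS in names else None
            if version is not None and version >= FIXED:
                status = "patched"
            elif JNDI_CLASS in names:
                status = "needs-action"  # upgrade, or remove JndiLookup.class
            else:
                status = "mitigated"     # class already removed from this copy
            findings.append((name, version, status))
        for inner in names:  # fat jars and WARs embed further jars
            if depth < 4 and inner.lower().endswith((".jar", ".war", ".ear")):
                findings += scan_archive(zf.read(inner), f"{name}!/{inner}", depth + 1)
    return findings

def make_jar(entries):
    """Build a constructed sample archive in memory from {path: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, content in entries.items():
            zf.writestr(path, content)
    return buf.getvalue()

if __name__ == "__main__":
    lib = make_jar({POM_PROPS: "version=2.15.0\n", JNDI_CLASS: b"stub"})
    app = make_jar({"BOOT-INF/lib/log4j-core-2.15.0.jar": lib})
    print(scan_archive(app, "app.jar"))
```

Copies that were shaded or relocated under another package name will not match these paths and need a separate check.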

At least a dozen groups are exploiting these vulnerabilities, so immediate action should be taken to either patch, remove JNDI, or take it out of the classpath. The latest update arrives as fallout from the flaw has resulted in a “true cyber pandemic,” with several threat actors seizing on Log4Shell in ways that lay the groundwork for further attacks, including deploying coin miners, remote access trojans, and ransomware on susceptible machines. The opportunistic intrusions are said to have commenced at least as early as December 1, although the bug became common knowledge on December 9.


The security flaw has sparked widespread alarm because it exists in a near-ubiquitously used logging framework in Java applications, presenting bad actors with an unprecedented gateway to penetrate and compromise millions of devices across the world. Attackers are targeting physical servers, virtual servers, IP cameras, manufacturing devices, and attendance systems.

Second Log4j vulnerability discovered, patch already released | ZDNet

Researchers released a map showing where Log4j exploitation attempts have been made, with the highest volume occurring in the US, UK, Turkey, Germany, and the Netherlands.
