The Cybersecurity and Infrastructure Security Agency (CISA) and its partners, through the Joint Cyber Defense Collaborative, published guidance on the exploitation of a critical vulnerability (CVE-2021-44228) in Apache’s Log4j software library. The vulnerability, also known as Log4Shell or Logjam, affects Log4j versions 2.0-beta9 through 2.14.1 and is being exploited for remote code execution; cyber security experts consider it the biggest cyber threat.
Identify, mitigate, and patch
CISA stated that Log4j is used in a variety of consumer and enterprise services, websites, and applications to log security and performance information. To avoid exploitation, the maintainers of these products and services should implement the Log4j version 2.15.0 security update or contact their vendors for security updates.
CISA also stated that the vulnerability exists in the action the Java Naming and Directory Interface (JNDI) takes to resolve variables. The affected versions contain JNDI features that don’t protect against Lightweight Directory Access Protocol (LDAP) and other JNDI related endpoints. CISA urges vendors and users to take the following actions.
- Vendors
  - Immediately identify, mitigate, and patch affected products using Log4j.
  - Inform your end users of products that contain this vulnerability and strongly urge them to prioritize software updates.
- Affected Organizations
  - In addition to the immediate actions (enumerate external-facing devices that have Log4j, ensure your SOC actions alerts on these devices, and install a WAF with rules that automatically update), review CISA’s upcoming GitHub repository for a list of affected vendor information and apply software updates as soon as they are available.
CISA also announced that it will maintain a community-sourced GitHub repository to provide a list of publicly available information and vendor-supplied advisories.
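As an added example (not code from CISA, Apache or this article), the following Python script supports the "identify" step: it inspects JAR, WAR and EAR archives, including nested ones, for log4j-core and flags versions inside the 2.0-beta9 to 2.14.1 range stated above. The archive entry names it looks for and all function names are assumptions brought in from outside the article.

```python
import io
import re
import sys
import zipfile

# Entry names used by real log4j-core JARs (general knowledge, not from the article).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # pre-releases sort before the release
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)

def version_key(text):
    """Turn '2.0-beta9' or '2.14.1' into a sortable tuple; None if unparseable."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, stage, num = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGE[(stage or "").lower()], int(num or 0))

LOW, HIGH = version_key("2.0-beta9"), version_key("2.14.1")  # range given in the article

def is_affected(text):
    """True/False for a parseable version, None when it needs manual review."""
    key = version_key(text)
    return None if key is None else LOW <= key <= HIGH

def scan_archive(data, label, depth=0):
    """Return (location, version, affected, jndi_present) for each log4j-core copy found."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if POM in names or JNDI in names:  # shaded JARs may drop pom.properties
            ver = "unknown"
            if POM in names:
                m = re.search(r"^version=(.+)$", zf.read(POM).decode("utf-8", "replace"), re.M)
                ver = m.group(1).strip() if m else ver
            findings.append((label, ver, is_affected(ver), JNDI in names))
        for name in sorted(names):  # fat JARs and WARs nest their libraries
            if depth < 4 and name.lower().endswith((".jar", ".war", ".ear")):
                try:
                    findings += scan_archive(zf.read(name), f"{label}!{name}", depth + 1)
                except zipfile.BadZipFile:
                    continue
    return findings

if __name__ == "__main__":
    for path in sys.argv[1:]:  # e.g. python scan.py app.war lib/*.jar
        with open(path, "rb") as fh:
            print(*scan_archive(fh.read(), path), sep="\n")
```

A result of `None` in the third field means the version could not be read or parsed, so that copy needs manual review rather than being treated as safe.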