what is log4j vulnerability

                         On December 9th, 2021, the world was made aware of a new vulnerability identified as CVE-2021-44228, affecting the Java logging package log4j. This vulnerability earned a severity score of 10.0 (the most critical designation) and offers remote code trivial remote code execution on hosts engaging with software that utilizes this log4j version. This attack has been dubbed "Log4Shell".

 What is the Log4j Vulnerability:

Log4j is an extremely popular Apache library used by millions of Java programs and applications. As a result, the actual number of internet-facing applications exposed to the Log4j vulnerability is almost impossible to quantify. Researchers have noted that the vulnerability is likely to impact products and services provided by tech giants such as Apple, Amazon, Steam, Tesla, and Twitter. 

The Log4j exploit allows threat actors to take over compromised web-facing servers by feeding them a malicious text string. It exists within Log4j, an open-source Apache library for logging errors and events in Java-based applications. Third-party logging solutions like Log4j are a common way for software developers to log data within an application without building a custom solution. 

In the case of Minecraft, where the Log4 Shell exploit first surfaced last week, this malicious string is entered through the chatbox. In other examples, text entered into the username box on web applications, like Apple iCloud, can also start the compromise.

The Log4J vulnerability is triggered by attackers inserting a JNDI lookup in a header field (likely to be logged) linking to a malicious server. After Log4j logs this string, the server is queried and gives directory information leading to the download and execution of a malicious java data class. This means cybercriminals can both extract private keys and, depending on the level of defenses in place, download and run malware directly on impacted servers.

According to a statement from the director of the US Cybersecurity and Infrastructure Security Agency, Jen Easterly, "This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use." Easterly's agency has described Log4j as "critical," a statement echoed by equivalent agencies globally, such as Germany's national cybersecurity agency (BSI). Enterprise software developer Redhat has graded Log4j with a 9.8 CVSS score, while the NIST has given it a 10 - the highest possible.  

 

For a growing community-supported list of software and services vulnerable to CVE-2021-44228, check out this GitHub repository:

 

 

 What Organizations Need to Do Right Now to Stop Log4jShell

 Log4j is a critical threat, and no organization should assume it is safe. Therefore, determining exposure to it and fixing vulnerabilities needs to be every security team's highest priority task right now. This means searching the entire IT state regardless of whether servers are using Windows, Linux, or Mac for any Java code and determining if it uses the Log4j library. Wherever you find Log4j, you need to update it to the latest 2.17 version patch.

 

That's all about log4j 

  hope you are enjoying our content and also get understand about pegasus spyware.

 guys Please don't forget to follow us on Instagram and GitHub and do like our content on Instagram.

 https://instagram.com/__pytools__

https://GitHub.com/pytools786

 

 

 


 

 

 

Comments

Post a Comment

Popular posts from this blog

Secure your system from Pegasus spyware

  in last article we have discuss about pegasus spyware now let us understand how you can protect your system from this kind of spywares. There are several means of securing your device from Pegasus, starting from developing good technology practices. Always update your operating system to the latest version. Apple and Google regularly release updates which include security patches for vulnerabilities and malware. Both Apple and Google have released fixes for Pegasus. Apple released a patched version of iOS (starting from iOS 9.3.5) and Google has put in place specific controls to mitigate Pegasus on most Android OS’s (starting April 2017). Pegasus spyware (as well as all sorts of other malware) infiltrates phones by way of the phone user clicking a link in a text message, email, Twitter post, or any other means. When receiving any message with a link, make sure you are familiar with the person sending the link and actually verify that the message along with the link is c...
Read more

Recovering all the saved passwords from target system using lazagne

  Hey friends how are you hope you are doing well. Today I am going to tell you how you can recover all the saved passwords from target system with the help of tool called lazange . The LaZagne project is an open source application used to retrieve lots of passwords stored on a local computer. Each software stores its passwords using different techniques (plaintext, APIs, custom algorithms, databases, etc.). This tool has been developed for the purpose of finding these passwords for the most commonly-used software Basically lazange is a post exploitation tool, but with the help of simple python script we can used it directly without actually gaining the access over victim. Want to how to used lazange with python script pls do watch this video: https://youtu.be/rAgaIokaufA That's all for today Thx guy's Also don't forget to follow us on Instagram and GitHub and do like our content on Instagram: http://instagram.com/__pytools__ https://github.com/Pytools786/
Read more