Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.
Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services.
Thus, while home users might have moved away from Java (although popular games like Minecraft still use it), anything from enterprise software to web apps and products from Apple, Amazon, Cloudflare, Twitter, and Steam is likely vulnerable to RCE exploits targeting this vulnerability.
Ongoing scans, exploitation of vulnerable systems
The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is an unauthenticated RCE vulnerability allowing complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1.
It was reported by Alibaba Cloud’s security team to Apache on November 24. They also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others.
After the first proof-of-concept exploit was published on GitHub yesterday, threat actors began scanning the Internet [1, 2] for systems vulnerable to this remotely exploitable security flaw that doesn’t require authentication.
Additionally, CERT NZ (New Zealand’s national Computer Emergency Response Team) has issued a security advisory warning of active exploitation in the wild (also confirmed by Coalition Director Of Engineering – Security Tiago Henriques and security expert Kevin Beaumont).
Mass scanning activity detected from multiple hosts checking for servers using Apache Log4j (Java logging library) vulnerable to remote code execution (https://t.co/GgksMUlf94).
Query our API for “tags=CVE-2021-44228” for source IP addresses and other IOCs. #threatintel
— Bad Packets (@bad_packets) December 10, 2021
Patch and mitigation available
Apache has released Log4j 2.15.0 to address the maximum severity CVE-2021-44228…