New zero-day exploit for Log4j Java library is an enterprise nightmare

New zero-day exploit for Log4j Java library is an enterprise nightmare

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to ongoing remote code execution attacks.

Log4j is developed by the Apache Foundation and is widely used by both enterprise apps and cloud services.

Thus, while home users might have moved away from Java (although popular games like Minecraft still use it), anything from enterprise software to web apps and products from Apple, Amazon, Cloudflare, Twitter, and Steam is likely vulnerable to RCE exploits targeting this vulnerability.

Ongoing scans, exploitation of vulnerable systems

The bug, now tracked as CVE-2021-44228 and dubbed Log4Shell or LogJam, is an unauthenticated RCE vulnerability allowing complete system takeover on systems with Log4j 2.0-beta9 up to 2.14.1.

It was reported by Alibaba Cloud’s security team to Apache on November 24. They also revealed that CVE-2021-44228 impacts default configurations of multiple Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, and others.

After the first proof-of-concept exploit was published on GitHub yesterday, threat actors began scanning the Internet [12] for systems vulnerable to this remotely exploitable security flaw that doesn’t require authentication.

Additionally, CERT NZ (New Zealand’s national Computer Emergency Response Team) has issued a security advisory warning of active exploitation in the wild (also confirmed by Coalition Director Of Engineering – Security Tiago Henriques and security expert Kevin Beaumont).

Nextron Systems’ Head of Research Florian Roth has shared a set of YARA rules for detecting CVE-2021-44228 exploitation attempts.

Patch and mitigation available

Apache has released Log4j 2.15.0 to address the maximum severity CVE-2021-44228…