What is Log4j vulnerability?

Log4j vulnerability is a software vulnerability available for the java based application over the internet which allows remote access to the system which used a certain version of log4j. it is also known as log4shell and log jam. Log4shell is a zero vulnerability in log4j, it was publically disclosed on 9 December 2021.

Log4j is a piece of code written by the volunteers in the java programming language at the apache software foundation. Log4j is used to keed the longing error message in the applications. According to the  CVE-2021-44228, Log4j enables a remote attacker to take control over the device if it is running certain versions of log4j 2.

We know that logging is very important for a system. As it keeps records of what's going on the device and when a certain program is executed as well as the error that occurred on the device. As said by Sergio Caltagirone, vice president of threat intelligence of top cybersecurity firm Dragos "Logging is critical in everything we do. Because this library is used by most web services in the world, it means that most web services are vulnerable to attack,". 

When did the attack start?

Apache Software Foundation came to know about the vulnerability on November 24, after a Security researcher Chen Zhaojun of Alibaba working at Alibaba's cloud security team discovered it. It was first reported to the Apache foundation by china's largest e-commerce company. It was first brought in public on December 9th, 2021.

Over the last week, unusual news started circulating through the cybersecurity community staff after makers of the sandbox video game Minecraft shared about the vulnerability in one of their blog posts, alerting gamers flaw in their game that can be used by the hacker to infiltrate their computers. The staff also released a patch, but cybersecurity experts quickly discovered that the vulnerability at fault was embedded in the widespread software tool used for more than just virtual worldbuilding.

As Log4j 2 library can communicate with other sources services and internal directory services, attackers can easily feed Log4j 2 with malicious commands on it from the outside and make it download and execute dangerous code from malicious sources.

How does the Log4Shell vulnerability cause damage?

Attackers can exploit Log4j 2 depending on the specifics of the system that is been attacked. So far, the vast majority of malicious activity has been mass scanning to fingerprint vulnerable systems. Attackers have been exploiting the vulnerability to compromise virtualization infrastructure, install and execute ransomware, steal system credentials, take broad control of compromised networks, and exfiltrate data, according to a Microsoft report.

As reports continue to mount regarding the exploitability of Log4Shell, the possibilities for malicious activity seem exponential. Attackers can execute any code on the attacked system.

According to the apache, log4j is a critical security vulnerability with  Base CVSS Score 10.0 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

The Versions Affected by log4j are All versions from 2.0-beta9 to 2.14.1. To protect your Application from log4j vulnerability update to 2.16 or to the latest version available on the day.

To view the original Apache post on Log4j click on apache log4j