Log4J Vulnerability

What is Log4J?

Java library for logging error messages in applications. The library is developed by the open-source Apache Software Foundation and is a key Java-logging framework. It is used in enterprise software applications, including those custom applications developed in-house by businesses, and forms part of many cloud computing services.

Severity score: 10 out of 10. The most high-profile security vulnerability on the internet right now.

Exploits start date: December 1, 2021

Devices and applications at risk: Basically, any device that’s exposed to the internet is at risk if it’s running Apache Log4J, version 2.0 to 2.14.1.

Actions to take:

  1. Identify internet-facing devices running Log4j.
  2. Upgrade the version to 2.15.0. Patches for Oracle WebLogic Server are publicly available through this link: Oracle Security Alert Advisory – CVE-2021-44228
  3. If a patch cannot be done, apply mitigations provided by vendors immediately. For example, set system property “log4j2.formatMsgNoLookups” to “true” or remove the JndiLookup class from the classpath.
  4. Run a vulnerability scan on devices/assets that had Log4j products and set alerts for any unusual behavior.
  5. Deny communications from IoC´s declared in different vulnerability sites. It will be better if there is a WAF (Web Application Firewall) put in place and activate rules to detect and mitigate Log4j attack attempts and scanning. 6. Check the list of products by the vendor that is vulnerable until now: log4shell/software at main · NCSC-NL/log4shell · GitHub