[MART] - Daily Diary #409 - New Zero-Day RCE Exploit for Log4j Java Library

CTAS-MAT ctas-mat at appgate.com
Fri Dec 10 14:41:03 UTC 2021


I hope everyone is doing well!

Below is the entry for today.

12/10/2021 - Diary entry #409:

Log4j is a Java-based logging library developed by the Apache Foundation, widely used by countless applications around the globe. Recently, exploits for a critical zero-day vulnerability in multiple versions of Log4j have been shared online, exposing applications to RCE (Remote Code Execution) attacks.

Tracked as CVE-2021-44228, it allows unauthenticated RCE against default installations of widely used enterprise and cloud-based software using the library. Cloud services like Steam, Apple iCloud, and applications like Minecraft have already been found to be vulnerable. The exploit requires a vulnerable endpoint with any protocol (HTTP, TCP, etc.) that allows an attacker to send the exploit string, and a log statement that logs out the string from that request.

A patch has already been released to fix the vulnerability, and there is a temporary mitigation for servers that can't immediately be patched. However, due to the ease of exploitation and the number of applications that rely on this library, threat actors have already started to exploit it in the wild. So we expect new attacks leveraging this vulnerability from now on.

Kind Regards,


Felipe Tarijon de Almeida
Malware Analyst

E: felipe.tarijon at appgate.com
O: +55 11 97467 9549
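
An inventory aid for the patching and mitigation step mentioned in the diary entry, added here as an example and not part of the original post or any Appgate tooling: it lists Java archives, including ones nested inside WARs and fat JARs, that bundle Log4j's JNDI lookup class. The class path, the function names and the archive extensions are assumptions of this example, and the archives built in `demo()` are constructed stand-ins.

```python
import io
import tempfile
import zipfile
from pathlib import Path

# Path of the JNDI lookup class inside log4j-core (knowledge added here, not from the post).
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def scan_archive(fileobj, label, depth=0, max_depth=4):
    """Return labels of archives, including nested ones (WAR, fat JAR), holding JNDI_CLASS."""
    hits = []
    try:
        with zipfile.ZipFile(fileobj) as zf:
            for name in zf.namelist():
                if name == JNDI_CLASS:
                    hits.append(label)
                elif name.lower().endswith(ARCHIVE_EXT) and depth < max_depth:
                    inner = io.BytesIO(zf.read(name))
                    hits += scan_archive(inner, f"{label}!{name}", depth + 1, max_depth)
    except zipfile.BadZipFile:
        pass  # wrong extension or corrupt file: nothing to inspect
    return hits

def scan_tree(root):
    """Scan every Java archive under root; labels are relative to root."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            with path.open("rb") as fh:
                hits += scan_archive(fh, path.relative_to(root).as_posix())
    return hits

def make_jar(entries):
    """Build an in-memory archive from {entry_name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, data in entries.items():
            zf.writestr(entry, data)
    return buf.getvalue()

def demo():
    """Constructed tree: a JAR with the class, a JAR without it, a WAR bundling the first."""
    core = make_jar({JNDI_CLASS: b""})
    samples = {"core.jar": core, "stripped.jar": make_jar({"x/Logger.class": b""}),
               "shop.war": make_jar({"WEB-INF/lib/core.jar": core})}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            Path(root, name).write_bytes(data)
        return scan_tree(root)
```

A hit means the archive ships log4j-core and still needs a version check, since patched releases also contain the class. Shaded JARs that relocate the package are not matched.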
