MS-ISAC ADVISORY NUMBER:
2021-158
DATE(S) ISSUED:
12/10/2021
OVERVIEW:
A vulnerability has been discovered in Apache Log4j, a very ubiquitous logging package for Java. Successful exploitation of this vulnerability could allow for arbitrary code execution within the context of the systems and services that use the Java logging library, including many services and applications written in Java. Depending on the privileges associated with these systems and services, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If these systems and services have been configured to have fewer user rights, exploitation of this vulnerability could have less impact than if they were configured with administrative rights.
THREAT INTELLIGENCE:
According to numerous open source reports, Log4j is used with Apache software like Apache Struts, Solr, Druid, along with other technologies. Many websites of manufacturers and providers have been found to be affected including Apple, Twitter, Steam, Tesla and more. Threat actors will likely include payloads in simple HTTP connections, either in a User-Agent header or trivial POST form data. In addition, it has been reported that organizations are already seeing signs of exploitation in the wild with further attempts on other websites likely.
SYSTEMS AFFECTED:
RISK:
Government:
Businesses:
Home Users:
HIGH
TECHNICAL SUMMARY:
A vulnerability has been discovered in Apache Log4j, a very ubiquitous logging package for Java. This vulnerability resides in the JNDI lookup feature of the log4j library. The JNDI lookup feature ..
Support the originator by clicking the read the rest link below.
