CVE-2021-44228 vulnerability in Apache Log4j library

CVE-2021-44228 summary


Last week, information security media reported the discovery of the critical vulnerability CVE-2021-44228 in the Apache Log4j library (CVSS severity level 10 out of 10). The threat, also named Log4Shell or LogJam, is a Remote Code Execution (RCE) class vulnerability. If an attacker manages to exploit it on a vulnerable server, they gain the ability to execute arbitrary code and potentially take full control of the system. A publicly available Proof-of-Concept and the ease of exploitation make this situation particularly dangerous.
Kaspersky is aware of PoCs in the public domain and of the possible exploitation of CVE-2021-44228 by cybercriminals. Our products protect against attacks leveraging the vulnerability, including PoC usage. Possible detection names are:


UMIDS:Intrusion.Generic.CVE-2021-44228.*
PDM:Exploit.Win32.Generic

KATA verdicts:


Exploit.CVE-2021-44228.TCP.C&C
Exploit.CVE-2021-44228.HTTP.C&C
Exploit.CVE-2021-44228.UDP.C&C

Geography of CVE-2021-44228 scan and exploitation attempts, December 2021


CVE-2021-44228 technical details


The remote code execution vulnerability CVE-2021-44228 was found in the Apache Log4j library, a part of the Apache Logging Project. If a product uses a vulnerable version of this library with the JNDI module for logging purposes, there is a high possibility that this vulnerability can be exploited. Almost all versions of Log4j are vulnerable, from 2.0-beta9 to 2.14.1.
Log4j includes a Lookup me ..
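
For the affected version range given above (2.0-beta9 to 2.14.1), the following is an added example, not code from the original article or from Kaspersky, that triages a list of jar paths from a host inventory. It assumes jars keep the Maven artifact name `log4j-core-<version>.jar`; the function names and sample paths are constructed for illustration.

```python
import re

# Affected range as stated on this page: 2.0-beta9 through 2.14.1, inclusive.
LOW, HIGH = "2.0-beta9", "2.14.1"
# Pre-release qualifiers sort before the final release with the same number.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
# Assumption: jars keep the Maven artifact name log4j-core-<version>.jar.
JAR_RE = re.compile(r"(?:^|[/\\])log4j-core-([^/\\]+)\.jar$", re.I)
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-(alpha|beta|rc)(\d+))?$", re.I)


def version_key(version):
    """Turn '2.0-beta9' into a sortable tuple; ValueError if unparseable."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))  # pad so that 2.0 compares equal to 2.0.0
    return (tuple(nums), QUALIFIER_RANK[(m.group(2) or "").lower()], int(m.group(3) or 0))


def in_affected_range(version):
    return version_key(LOW) <= version_key(version) <= version_key(HIGH)


def triage(paths):
    """Map each log4j-core jar path to 'affected', 'outside-range' or 'unknown'."""
    verdicts = {}
    for path in paths:
        m = JAR_RE.search(path)
        if not m:
            continue  # not a log4j-core jar by file name
        try:
            verdicts[path] = "affected" if in_affected_range(m.group(1)) else "outside-range"
        except ValueError:
            verdicts[path] = "unknown"  # e.g. SNAPSHOT or repackaged builds: inspect by hand
    return verdicts


# Constructed sample inventory (not taken from the page).
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.0-beta8.jar",
    r"C:\apps\svc\lib\log4j-core-2.0-beta9.jar",
    "/srv/svc/lib/log4j-core-2.15.0.jar",
    "/srv/svc/lib/log4j-core-2.13.3-SNAPSHOT.jar",
    "/srv/svc/lib/log4j-api-2.14.1.jar",
]

if __name__ == "__main__":
    for path, verdict in triage(SAMPLE_PATHS).items():
        print(f"{verdict:14} {path}")
```

File-name matching does not see copies of the library bundled inside other archives, so "outside-range" here only means the named jar is outside the range this page states.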