Damian Szewczyk
In recent days, a critical vulnerability CVE-2021-44228 was discovered in one of the most widely used Apache Log4j logging libraries. The vulnerability allows remote code execution. Many companies base their applications (not just web applications) on Java and use the Log4j library. That’s why, due to its popularity, many users have been gripped by chaos, caused by concerns about the security of application continuity and stored data.
As professional Administrators, we would like to inform you that we are up to date and the environment of each of our clients is thoroughly checked upon request. However, if you haven’t heard about the outage, be sure to read about what the problem is and how to protect your organization from data leaks.
Apache log4j allows you to save application logs. When it is used, access to your data is at your fingertips. Attempted attacks can occur by sending a specific string to an application using a designated library. The message can be in various forms, regardless of where they are injected.
In addition, the probability of a system vulnerability threat occurs in library versions 2.0 through 2.14.1.
Vulnerabilities to various types of failure are inherent in today’s world. However, each needs to be looked at and addressed accordingly.
For Apache Log4j event logging libraries, the first thing to do is to check that the specified library is not in our technology stack. How to do it?
Within the server, look for a library under the name:
log4jIf we detect this vulnerability, we should backup the data and then update the paths accordingly, which will exclude the above code.
You should also test your environment, especially applications written in Java, before making final changes.
It is also worth following the documentation at the following link: https://gist.github.com/Neo23x0/e4c8b03ff8cdf1fa63b7d15db6e3860b
However, if you decide to continue using Apache Log4j, you should update the library to version 2.16.0.
In addition, monitoring incoming traffic to the server is integral to ensuring its security in this situation.
It should be noted that using Log4j is not the same as taking control of the application or stealing data. However, the probability of such an event can be very high.
Helpful in detecting attack attempts is the WAF (Web application firewall). Simply implementing and maintaining an application firewall can be complicated. Therefore, if you need help, please contact us. Qlos administrators are putting this type of solution on the agenda, especially with CloudFlare.
Also worth reading is the information provided by CERT.PL
Attention! On 15/12/2021, a new vulnerability was discovered in library version 2.15.0. It enables a denial-of-service attack in a specific configuration. The recommended update version of the Log4j library is 2.16.0.
