Assistanz
Assistanz

Apache Log4j Vulnerabilities and Mitigations

Apache Log4j Vulnerabilities and Mitigations

 

In this blog, we going to explain Apache Log4j Vulnerabilities and Mitigations.

 

What is Apache Log4j?

 

Apache Log4j is a Java library that specializes in logging.

It is used for logging error messages in applications. It is used in enterprise software applications, including those custom applications.

The output from Log4j can go to the console window, an email server, a database table, a log file, or various other destinations.

The great benefit of Apache Log4j is that different levels of logging can be set. The levels are hierarchical and are as follows: TRACE, DEBUG, INFO, WARN, ERROR, and FATAL.

 

What is Log4j Vulnerability?

 

A researcher from the Alibaba Cloud Security Team dropped a 0-day remote code execution exploit, targeting the extremely popular log4j logging framework for Java, On December 9, 2021.

 

The vulnerability was originally discovered and reported to Apache by the Alibaba cloud security team on November 24th named Apache Log4j Vulnerabilities.

MITRE assigned CVE-2021-44228 to this vulnerability, which has since been dubbed Log4Shell by security researchers.

 

The vulnerability received 10.0, the highest CVSS score. The vulnerability exposes an opportunity for an attacker to execute code on the Java server if it uses log4j.

 

The JNDI (JAVA Naming and Directory Interface) features used in the configuration, log messages, and parameters can be exploited by an attacker to perform remote code execution. It would allow the attacker to gain full control over the server that runs the Java application.

Apache Log4j Vulnerabilities and Mitigations

How to check log4j in Linux servers?

 

By using the below Commands on respective Linux Servers (Debian or Ubuntu or Centos), We can check the log4j is installed or not.

# dpkg -l | grep log4j

# which java

# rpm -qa *log4j*

# yum list installed | grep log4j

# find /var/ -name *log4j*

# find /etc/ -name *log4j*

# find /usr/ -name *log4j*

# find /opt/ -name *log4j*

 

Also, we can check using the below bash script:

 

wget https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/log4j_checker_beta.sh -q -O – | bash

 

What to do If java is not installed on the server?

Please refer to

 

https://stackoverflow.com/questions/70353435/are-you-safe-from-log4j-cve-2021-44228-if-java-is-not-installed

 

Notices, Updates, or Patches:

 

Amazon :

 

Amazon has updated several of its products to use a non-vulnerable version of the Log4j component and announced that it is either in the process of updating others or will release new versions shortly.

 

The company has published details specific for affected services, among them, being OpenSearch, AWS Glue, S3, CloudFront, AWS Greengrass, and API Gateway.

 

cPanel:

 

A forum thread shows that only instances where the cPanel Solr plugin is present are affected and could be exploited, but only locally.

 

A staff member provided additional peace of mind announcing that an update with mitigation for Log4Shell is available to the cpanel-dovecot-solr package.

 

Docker:

 

A dozen Docker Official images have been found to use a vulnerable version of the Log4j library. The list includes couchbase, elasticsearch, logstash, sonarqube, and solr.

 

Docker says that it is “in the process of updating Log4j 2 in these images to the latest version available” and that the images may not be vulnerable for other reasons.

 

MongoDB:

 

Only MongoDB Atlas Search needed to be patched against Log4Shell, the company notes in an advisory updated today

 

The developer adds that it found no evidence of exploitation or indicators of compromise before deploying the patch.

 

Red Hat:

 

Components in multiple Red Hat products are affected by Log4Shell, the organization disclosed on Friday, strongly recommending customers to apply the updates as soon as they become available.

 

Among the products listed in the advisory are Red Hat OpenShift 4 and 3.11, OpenShift Logging, OpenStack Platform 13, CodeReady Studio 12, Data Grid 8, and Red Hat Fuse 7.

 

Splunk:

 

Core Splunk Enterprise is not affected unless Data Fabric Search is used. The company published a table with the versions of its products affected by Log4Shell both in the cloud and on-premise.

 

The company has released fixes for some products and is currently working on rolling updates for at least seven of its products.

 

VMware:

 

VMware has fixed several of its products vulnerable to Log4Shell attacks and is currently working to roll out patches for another 27 products.

 

In an advisory last updated today, the company lists nearly 40 of its products as impacted by the critical vulnerability. Many of them show a “Patch Pending” and mitigations are available in some cases.

 

Ubuntu:

 

The Log4j package has been patched upstream, reads the security advisory, and the update now has to trickle to Ubuntu 18.04 LTS (Bionic Beaver), 20.04 LTS (Focal Fossa), 21.04 (Hirsute Hippo), and 21.10 (Impish Indri).

 

How to resolve Apache Log4j Vulnerabilities?

 

The confirmed affected versions of Log4j are 2.0-beta-9 to 2.15 for RCE and it is recommended to upgrade 2.16.

 

At the time of writing, Log4j 2.16 is vulnerable to Denial of Service. So Upgrading the version to Apache Log4j 2.17.

 

For More Info: https://logging.apache.org/log4j/2.x/security.html

 

Log4J 2.17 Download Link:

 

https://logging.apache.org/log4j/2.x/download.html

 

Log4J 2.16 Download Link:

 

https://archive.apache.org/dist/logging/log4j/2.16.0/

DirectAdmin Server Management Plans

Premium Support

24/7 End User Support from your Helpdesk
$ 99 Monthly / Server
  • Unlimited Support Plan
  • 24/7 Emergency Phone
  • Chat Support for Admin
  • Separate Account Manager
  • NDA & SLA
  • SLA Review Meetings
  • FREE Consultancy Services
  • Simple SignUp Process
  • Instant Account Activation
  •  

Platinum Support

24/7 Proactive Support
$ 49 Monthly / Server
  • Unlimited Support Plan
  • 24/7 Emergency Phone
  • Chat Support for Admin
  • Separate Account Manager
  • Advance Proactive Monitoring
  • Guaranteed SLA
  • SLA Review Meetings
  • 3rd Party Application Support
  • FREE Consultancy Services
  • Server Migration Support
  • Weekly Status Report
  • No End User Support
Popular

Unlimited Support

24/7 Support

$ 30 Monthly / Server
  • Unlimited Support Plan
  • 24/7 Support
  • Basic Monitoring
  • 30 Minutes Response Time
  • 4 Hours Resolution time for the Possible Issues
  • Security and Performance Optimization
  • React to Customers queries
  • Simple SignUp Process
  • Instant Account Activation
  • No Third party application support
  • No Migration and End User Support

Cpanel Server Management Plans

Premium Support

24/7 End User Support from your Helpdesk

$ 99 Monthly / Server
  • 24/7 End User White Label Support
  • Unlimited Number of Tickets
  • Chat Support for Admin
  • Separate Account Manager
  • Guaranteed SLA
  • Weekly Status Reports
  • FREE Consultancy Services
  • Simple SignUp Process
  • Instant Account Activation

Platinum Support

24/7 Proactive Server Management
$ 49 Monthly / Server
  • Unlimited Support Plan
  • 24/7 Emergency Phone
  • Chat Support for Admin
  • Separate Account Manager
  • Advance Proactive Monitoring
  • Guaranteed SLA
  • SLA Review Meetings
  • 3rd Party Application Support
  • FREE Consultancy Services
  • Server Migration Support
  • Weekly Status Report
  • No End User Support
Popular

Unlimited Support

24/7 Server Management

$ 29 Monthly / Server
  • Unlimited Admin Tasks
  • 24/7 Support
  • Basic Monitoring
  • 30 Minutes Response time
  • 4 hours Response time for possible issues
  • Security and Performance Optimization
  • React to Customers queries
  • No Third party application support
  • No Migration and End User Support

Cpanel Server Management Plans

Premium Support

24/7 End User Support from your Helpdesk

$ 99 Monthly / Server
  • 24/7 End User White Label Support
  • Unlimited Number of Tickets
  • Chat Support for Admin
  • Separate Account Manager
  • Guaranteed SLA
  • Weekly Status Reports
  • FREE Consultancy Services
  • Simple SignUp Process
  • Instant Account Activation

Platinum Support

24/7 Proactive Server Management
$ 49 Monthly / Server
  • Unlimited Support Plan
  • 24/7 Emergency Phone
  • Chat Support for Admin
  • Separate Account Manager
  • Advance Proactive Monitoring
  • Guaranteed SLA
  • SLA Review Meetings
  • 3rd Party Application Support
  • FREE Consultancy Services
  • Server Migration Support
  • Weekly Status Report
  • No End User Support
Popular

Unlimited Support

24/7 Server Management

$ 29 Monthly / Server
  • Unlimited Admin Tasks
  • 24/7 Support
  • Basic Monitoring
  • 30 Minutes Response time
  • 4 hours Response time for possible issues
  • Security and Performance Optimization
  • React to Customers queries
  • No Third party application support
  • No Migration and End User Support