


Log4j is a popular logging library used in Java by a large number of applications online. To enhance its functionality beyond basic log formatting, Log4j added the ability to perform lookups: map lookups, system properties lookups, and JNDI (Java Naming and Directory Interface) lookups. Log4j uses the JNDI API to obtain naming and directory services from several available service providers: LDAP (Lightweight Directory Access Protocol), COS (Common Object Services), Java RMI registry (Remote Method Invocation), DNS (Domain Name Service), etc.

Fig 1: Typical CVE-2021-44228 Exploitation Attack Pattern

Description of the CVE-2021-44228 vulnerability

Log4j versions 2.0 through 2.14.1 have been found to be vulnerable to a Remote Code Execution vulnerability because JNDI does not protect against attacker-controlled directory service providers.

$ in the request:

Typically, a JNDI lookup would look like this:

Or using an HTTP POST command and burying the malicious request in the POST body:

This POST form would probably not succeed at exploiting this Log4j vulnerability in most situations because the POST body is usually not logged. Given the port number used (8983), this seems to be targeting the Apache SOLR enterprise search platform, which does not log POST bodies.

Resolution

Apache has released Log4j version 2.15, which contains a fix for this CVE. It is recommended to immediately upgrade to this version.

If you cannot upgrade to the fixed version of Log4j, you can mitigate this vulnerability as follows:
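To find which deployments need the upgrade, the range stated on this page (2.0 through 2.14.1 vulnerable, fix in 2.15) can be turned into an inventory check. This is an added example, not code from the original page or from Apache; it assumes jars keep the conventional Maven name `log4j-core-<version>.jar`, and the sample paths are constructed.

```python
import re
from pathlib import Path

# Range stated on the page: 2.0 through 2.14.1 are vulnerable; 2.15 has the fix.
FIRST_VULNERABLE = (2, 0, 0)
LAST_VULNERABLE = (2, 14, 1)

# Assumption: jars keep the conventional Maven name log4j-core-<version>.jar.
# Shaded or renamed jars will not match and need a content-based scan instead.
JAR_NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[-.\w]*\.jar$")


def parse_version(jar_path):
    """Return (major, minor, patch) for a log4j-core jar, or None for other files."""
    match = JAR_NAME.search(Path(jar_path).name)
    if match is None:
        return None
    # A missing patch component (e.g. "2.15") counts as 0; pre-release
    # suffixes such as "-beta9" are ignored, which errs toward flagging.
    return tuple(int(part or 0) for part in match.groups())


def classify(jar_path):
    """Label one jar against the page's range for CVE-2021-44228."""
    version = parse_version(jar_path)
    if version is None:
        return "not-log4j-core"
    if FIRST_VULNERABLE <= version <= LAST_VULNERABLE:
        return "vulnerable"
    return "fixed" if version > LAST_VULNERABLE else "outside-range"


def scan(root):
    """Walk a directory tree and list log4j-core jars in the vulnerable range."""
    return sorted(str(p) for p in Path(root).rglob("*.jar")
                  if classify(p) == "vulnerable")


if __name__ == "__main__":
    # Constructed sample paths, not taken from any real host.
    sample = [
        "/opt/app/lib/log4j-core-2.14.1.jar",
        "/opt/app/lib/log4j-core-2.15.0.jar",
        "/opt/search/lib/log4j-core-2.0-beta9.jar",
        "/opt/legacy/lib/log4j-1.2.17.jar",
    ]
    for path in sample:
        print(f"{classify(path):15} {path}")
```

Call `scan("/path/to/install")` on an application directory to list the jars that fall in the vulnerable range.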
