Log4Shell Vulnerability Vast & Abundant
Industry: N/A | Level: Tactical | Source: Rezilion
Since December 2021, the attack surface from the Log4Shell vulnerability has continued to be far-reaching. Research from Rezilion found that, four months on, the vulnerability is still present in many software products, and vulnerable versions continue to be downloaded and left unpatched. According to Sonatype’s “Log4j Download Dashboard”, vulnerable Log4j versions are still being downloaded: as of April 26th, 2022, 35% (395,281) of downloads were vulnerable. Further analysis found that many components affected by Log4Shell remain unpatched, “When exploring the components affected by the Log4Shell vulnerability, i.e. components using org.apache.logging.log4j:
- Anvilogic Scenario: Common Log4Shell Payload
- Anvilogic Use Case: Potential CVE-2021-44228 – Log4Shell