
Log4Shell - CVE-2021-44228

CVE-2021-44228 / Log4Shell Vulnerability

Industry: N/A | Level: Tactical | Sources: LunaSec & GitHub-Log4Shell-List

 

A zero-day exploit has been identified for the Java logging library “log4j” that could result in remote code execution. Affected versions are Log4j 2.0-beta9 up to 2.14.1, with service impacts to many Apache Struts configurations and to cloud services such as Steam, Apple iCloud, and others.

The exploit requires three components: a vulnerable log4j version, any protocol that enables the attacker to send the exploit string, and a log statement that logs the string from the request.

Mitigation is available through an update; affected users are recommended to update to log4j version “log4j-2.15.0-rc2”. Threat researchers have identified a variety of threats taking advantage of the widespread vulnerability, including Kinsing (cryptocurrency miner), Mirai malware, Cobalt Strike, a new unidentified ransomware strain, and likely others yet to be identified.
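To find hosts that meet the first of the three components, the affected range stated above (2.0-beta9 up to 2.14.1) can be checked against a file inventory. The following is an added example, not detection content from the original page; it assumes jars keep the standard `log4j-core-<version>.jar` file name (so shaded or repackaged copies are not seen), and the sample paths are constructed.

```python
import re

# File-name pattern for the log4j-core artifact, e.g. log4j-core-2.14.1.jar
# (assumption: the jar was not renamed or bundled into a fat jar).
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I
)

# Pre-release stages sort before the final release with the same number.
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}

# Affected range as stated on this page: 2.0-beta9 up to 2.14.1, inclusive.
FIRST_AFFECTED = (2, 0, 0, STAGE_RANK["beta"], 9)
LAST_AFFECTED = (2, 14, 1, STAGE_RANK[None], 0)


def version_key(path):
    """Return a sortable tuple for a log4j-core jar path, or None if not one."""
    m = JAR_RE.search(path)
    if not m:
        return None
    major, minor, patch, stage, stage_n = m.groups()
    stage = stage.lower() if stage else None
    return (int(major), int(minor), int(patch or 0),
            STAGE_RANK[stage], int(stage_n or 0))


def is_affected(path):
    """True if the jar's version falls inside the affected range."""
    key = version_key(path)
    return key is not None and FIRST_AFFECTED <= key <= LAST_AFFECTED


def find_affected(paths):
    """Filter an inventory of file paths down to affected log4j-core jars."""
    return [p for p in paths if is_affected(p)]


# Constructed sample inventory (not real hosts or paths).
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.0-beta8.jar",
    "/opt/app/lib/log4j-core-2.0-beta9.jar",
    "/srv/svc/WEB-INF/lib/log4j-core-2.15.0.jar",
    "/srv/svc/WEB-INF/lib/log4j-1.2.17.jar",
    "/srv/old/log4j-core-2.0-rc1.jar",
]

if __name__ == "__main__":
    for p in find_affected(SAMPLE_PATHS):
        print("AFFECTED:", p)
```

Feed `find_affected` the output of a file listing from each host; a hit means the version component is present, not that the other two components are.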

For updates, detection content and logic, attack flow, threat examples and use case demonstrations, check out our Log4Shell blog.

We’re here to help by providing ready-to-deploy detection code (no strings attached). Just reach out and we’ll send you the Splunk (SPL) detection logic. Contact: detection.support@anvilogic.com

 
