Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a ubiquitous logging tool included in nearly each Java application. The issue has been named Log4Shell. Major global organizations are facing stress to fix what specialists are calling one of the major serious software flaws in recent memory. The flaw in the Log4j software could permit hackers unfettered access to endpoints and has prompted an essential warning by the US government’s cybersecurity agency.
A flaw in Log4j, the Java library for logging error messages across applications, is the most high-profile security vulnerability on the Internet right now and comes with a severity score of 10 out of 10. Security experts have warned that there are hundreds of thousands of attempts by hackers to find vulnerable devices; over 40 per cent of corporate networks have been targeted according to one Security Company.
What is Log4j?
Log4j vulnerability is a flaw in the Log4j software that could permit hackers unfettered access to computer systems and has prompted a critical warning by the US government’s cybersecurity organization.
The log4jvulnerability permits unauthenticated remote code to perform, and it is triggered when an exceptionally crafted string provided by the assaulter through a miscellaneousness of different input vectors is parsed and processed by the Log4j 2 vulnerable factor.
This vulnerability is in a Java library, the cross-platform nature of Java means the vulnerability is exploitable on many platforms, including Windows, Linux and multiple VMware products.
What devices and applications are at risk?
Basically, any device exposed to the Internet is at risk if it is running Apache Log4J, versions 2.0 through 2.14. The NCSC notes that Log4j version 2 (Log4j2), the affected version, is included in the Apache Struts2, Solr, Druid, Flink, and Swift frameworks.
Mirai, a botnet that targets all types of Internet-connected (IoT) devices, has adopted an exploit to blame. Cisco and VMware have released patches for their affected products, respectively.
AWS has detailed how the flaw affects its services and said it is working on patching its services that use Log4j and has issued mitigations for services like CloudFront.
Similarly, IBM said it is “actively responding” to the Log4j vulnerability in IBM’s own infrastructure and its products. IBM has confirmed that Websphere 8.5 and 9.0 are vulnerable. Oracle has also released a patch for the flaw.
Vendors with popular products still considered vulnerable include Atlassian, Amazon, Microsoft Azure, Cisco, Comvault, ESRI, Precise, Fortinet, JetBrains, Nelson, Nutanix, OpenMRS, Oracle, Red Hat, Splunk, Soft, and VMware. . The list gets even longer when adding products where a patch has been released.
How to detect the Log4j vulnerability in your applications?
This log4j demonstrates that scanning your applications for vulnerabilities is crucial, and something that you should do often. In inclusion, it is vital to update your Java distribution to the major recent release to advantage of the new security updates.
Scanning your application with Open Source tools will show you vulnerabilities in your open source libraries, together with this issue with log4j.
How can you prevent Log4j software vulnerability?
The main advice is to identify internet-facing devices running Log4j and upgrade them to version 2.15.0, or to apply the mitigations provided by vendors “immediately”. But it also recommends setting up alerts for probes or attacks on devices running Log4j.
Additionally, enumerating any external-facing devices with Log4j installed; ensuring the security operations center actions every alert with Log4j installed; and installing a web application firewall (WAF) with rules to focus on Log4j.
Many application frameworks in the Java ecosystem use this logging framework by default. For example- Apache Solr, Apache Struts 2, and Apache Druid are all dominant. Aside from those, Apache log4j is also used in numerous Spring and Spring Boot applications, so we propound you check your applications and update them to the latest version.