Blogs

Back to Previous Page

Apache Log4j Vulnerability

Apache Log4j is a Java-based logging utility library that is part of the Apache Logging Services, a project of the Apache Software Foundation. Since this software is prolific in internet-connected devices, from IoT products like TVs, cameras, and portable devices to servers running major vendor’s cloud operations, a vulnerability in Log4j, can be described as “catastrophic” and “nightmarish”, since not only resolution can be complex, but also because the affected version of Java has existed since 2013.

Cybersecurity experts from the FBI, CISA, and the NSA continue to warn, that since the vulnerabilities became public in early Dec. ’21, there has been increased activity by nefarious state actors, and ransomware groups actively scanning networks to potentially exploit the vulnerability in Log4Shell (Apache’s Log4j software library, versions 2.0-beta9 to 2.14.1). This remote code execution (RCE) vulnerability can be used to deploy Cobalt Strike beacons, crypto miners, and botnet malware. This became evident even in the Java edition of Minecraft, Microsoft’s popular video game when players could compromise other players’ systems by sending malicious code through chat messages.  The list of affected companies and software continues to grow. However, federal agencies faced a Dec. 24. 2021 deadline to remediate the vulnerability even though CISA has not encountered any confirmed breaches of Federal agencies via the vulnerability.

For Java 8 users Apache has released Log4j 2.17.0 that includes patches for the RCE vulnerability and denial-of-service vulnerabilities.  For Java7 users Log4j is at 2.12.2, to address the RCE vulnerability

In response to this threat, organizations should, at a minimum, take the following steps:

  • Immediately identify any systems vulnerable to a Log4Shell attack, by using the new CISA scanner utility mirroring a similar tool released by the CERT Coordination Center (CERT/CC).
  • Identify any systems using Log4J Java library and immediately ensure it is not being used in any production systems and patch with updated security corrections.
  • Identify internet-facing applications that allow data inputs and use log4J; they are vulnerable to attack. Assume compromise
  • Use logs to identify unusual traffic patterns e.g., JNDI LDAP/RMI outbound traffic, DMZ systems initiating outbound connections
  • Update Apache servers with the latest updates for Apache HTTP Server
  • Monitor the Apache Log4j Security Vulnerabilities webpage for mitigation guidance
  • Seek help from a trusted vendor/partner

Read the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA)’s guidance on the Log4j vulnerability here and has added this vulnerability to its Known Exploited Vulnerabilities Catalog | CISA –  a list of vulnerabilities organized by severity.

In a connected world, vulnerabilities are inevitable.  Therefore, all organizations would do well to follow CISA guidelines and take proactive steps to reduce risks and breach impact.

apache

Recent Posts

Certifications

Socioeconomic Certifications

Small Business Administration 8(a) program

Small Business Enterprise (SBE)

Disadvantaged Business Enterprise (DBE)

Maryland Minority Business Enterprise Certified (MBE)

Industry certifications

ISO 9001:2015, Quality Management Systems

Contract Vehicles

Image 12
Image 8
Image 9
Image 10
Image 11
GSA72
8-a
total-small-business.BJhXRvCs-e1735227609457

Download Our resources