JNDI is the acronym for Java Naming and Directory Interface, which is a Java API for consuming certain services oriented to searching for objects on a network.
JNDI is commonly used to associate logical names with resources, analogous to how the DNS service associates FQDNs with IPs. For example, when an EJB (Enterprise JavaBeans) requests a resource from JNDI, it passes the request to the corresponding service and returns the resource.
Among the services supported by JNDI, LDAP, RMI or DNS stand out, among others, which were actively used to attack vulnerable Log4J components (see CVE-2021-44228) through JNDI Injection-type attacks. This attack was commonly known as “Log4Shell“, which was extensively studied and monitored by our Threat Hunting service.
Cybersecurity articles related to JNDI
Several technical articles related to JNDI and cybersecurity have been published on Tarlogic’s website.
- Log4shell full picture: All the vulnerabilities affecting Log4j
- Log4Shell vulnerability CVE-2021-44228, the new cyber-apocalypse
- Tracking JNDI attacks: Hunting Log4Shell in your network
- CVE-2022-42889: Text4Shell, Critical Vulnerability in Apache Commons Text
Cybersecurity services related to JNDI
Vulnerability management: This continuous vulnerability analysis service enables management of the vulnerability life cycle and reduces the exposure surface.
- More information: Vulnerability management as a service
Emerging vulnerabilities: This service is activated upon the publication of a critical vulnerability that may affect your organization’s perimeter, allowing for early response. We analyze the impact of zero-day vulnerabilities on the perimeter 24×7 and identify affected assets.
- More information: Emerging Threats service
Threat Hunting: A managed service focused on the proactive detection of suspicious activity and containment of threats in endpoints, using telemetry generated by EDR and XDR technologies, and following the methodology defined in the MITRE ATT&CK framework.
- More information: Threat Hunting service