If you are one of the Log4j users, you must have heard about this by now.
● On December 9th, 2021, a vulnerability was discovered in Apache’s widely used computer library Log4j that puts sensitive information at risk.
● The said vulnerability blocks the authorized users from accessing the systems while allowing the attackers to execute arbitrary codes.
● Attackers can have access to the sensitive information from the systems that currently work on the affected versions of Log4j.
● The best way to prevent any damage to data is to find out and upgrade the systems to the latest version of Log4j.
● The Vulnerability only affects Log4j core and not Log4net, Log4cxx, or any other logging services from Apache.
On the 9th of December 2021, a security researcher from Alibaba cloud services discovered a Log4j vulnerability that was malicious enough to exploit the data without the knowledge of the users. Shortly after, another vulnerability was discovered that had similar effects. Many organizations including government ones are under threat with sensitive information being at risk.
However, since the discovery, apache has found the vulnerabilities and fixed them. To avoid any breach in data, it is advised and expected to update your systems to the latest version.
Before we go into what the vulnerabilities are, let us have you know that a system or an organization is said to be vulnerable when it accepts unauthorized inputs and then stores them into their Log4j libraries.
What are the Vulnerabilities?
● The vulnerability that affects the Log4j versions 2.0-beta9 to 2.14.1 is commonly called ‘Log4shell’ Vulnerability. It basically allows anybody to simply access the code as they wish and get their hands on the data if it is exploited.
● This vulnerability affects Log4j versions 2.0 beta9 to 2.15.0. This vulnerability is essentially a denial of service vulnerability. It blocks the authorized user from the service leaving it vulnerable to the perpetrators who can access information from the organizations.
● This is a similar vulnerability to CVE – 2021 – 45105. A denial of service that blocks the intended user to access the system while allowing the perpetrator to access sensitive information. Patches to fix the vulnerabilities have been already released by
Patches to fix the vulnerabilities have been already released by Apache but the best solution to protect your information from the said vulnerabilities is to upgrade it to the latest version.
Since the Log4j library is extremely popular in the Java ecosystem, the new vulnerabilities allow insecure JNDI lookups to let an unauthorized user or possibly an attacker to execute an arbitrary code, hence giving him access to data.
According to CBS, more than 3 million attempts to exploit the vulnerability have been reported, 46% of which were made by known malicious groups, leaving millions of devices and the information at risk.
It was reported that a minimum of 12 groups are using these vulnerabilities so the quicker the action, the safer the sensitive information at this point.
How to detect the Vulnerability?
To begin with, it is best to know if the system has suffered an attack or not. You can check your system logs. Many attacks were detected in the systems and yet, there was no significant damage reported. However, it is best to know if the project is vulnerable or not.
Identify every single project using the Log4j library. The vulnerable versions are at most risk to malicious attacks. Even if there are not, patching them up or updating to the newest Log4j version is the best way to prevent any malicious execution of codes.
If there is any vulnerable project in the system, it is best to know if there is manipulative information that can put sensitive data at high risk, and quick analysis to see if the web application was already targeted might help.
Using behavioral analytics helps the most in the detection of any attack because you understand the normal behavior of your applications or websites that help you dig deeper into the attack. You can find free tools that are available on the internet that will help you detect the vulnerabilities in your projects.
Please note that Log4j versions that are earlier than 1. are outdated and do not receive any sort of updates.
With the new patches, and the option to upgrade the systems, the organizations are definitely safer than the beginning of December. And if you are looking for an upgrade for your Log4j library, this might be the best time for it.