The Morefield Communications Cybersecurity and IT Operations team has been carefully monitoring a new vulnerability in Log4J, a Java library that provides logging capabilities to a wide range of software. This vulnerability (Log4Shell) allows a remote, unauthenticated attacker to force Java-based applications and servers that use the Log4J library to log a specific string. When the application or server processes that log entry, the string can force the vulnerable system to download and run a malicious script from an attacker-controlled domain, effectively taking over the vulnerable application or server.
A significant number of applications are affected. We will be updating this post as new information and affected applications are discovered.
Below is a running, partial list of affected applications and server products:
- Apache Software Foundation – Apache Struts, Apache Flink, Apache Druid, Apache Flume, Apache Solr, Apache Kafka, Apache Dubbo (not limited to these products)
- Palo Alto
BlueTeam CheatSheet *Log4Shell* – user-community-updated list of vulnerable applications:
- Security Advisories / Bulletins linked to Log4Shell (CVE-2021-44228) – https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592?s=09
- CISA: NIST – National Vulnerability Database – CVE-2021-44228 Detail – https://nvd.nist.gov/vuln/detail/CVE-2021-44228#vulnCurrentDescriptionTitle
- Cisco Talos – Threat Advisory: Critical Apache Log4j vulnerability being exploited in the wild – https://blog.talosintelligence.com/2021/12/apache-log4j-rce-vulnerability.html
- CISA Release: https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce
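The following Python inventory is an added example, not code from Morefield or from any vendor listed here. It finds copies of the log4j-core library on disk, including jars nested inside WAR/EAR files and shaded jars, and flags copies that still contain the `JndiLookup` class and are older than an assumed minimum version. The minimum (2.15.0) is an assumption taken from the CISA notice linked above, so set it to whatever your vendor guidance currently requires; the function names and the constructed sample in `demo()` are illustrative.

```python
import io
import os
import re
import tempfile
import zipfile

# Class that performs JNDI lookups in log4j-core 2.x.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVES = (".jar", ".war", ".ear")
VERSION_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*)")
FIXED = (2, 15, 0)  # assumption: release named in the CISA notice linked on this page

def scan_archive(src, label, depth=0):
    """Return [(label, version, has_jndi_class)] for each log4j-core copy found."""
    hits = []
    try:
        with zipfile.ZipFile(src) as zf:
            names = zf.namelist()
            m = VERSION_RE.search(os.path.basename(label.rsplit("!", 1)[-1]))
            if m or JNDI_CLASS in names:
                version = tuple(map(int, m.group(1).split("."))) if m else None
                hits.append((label, version, JNDI_CLASS in names))
            for name in names:  # WARs and fat jars nest jars inside jars
                if name.lower().endswith(ARCHIVES) and depth < 4:
                    inner = io.BytesIO(zf.read(name))
                    hits += scan_archive(inner, f"{label}!{name}", depth + 1)
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or corrupt archive: keep what was found so far
    return hits

def scan_tree(root):
    """Scan every Java archive under root, including archives nested inside them."""
    paths = (os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)
    return [h for p in paths if p.lower().endswith(ARCHIVES) for h in scan_archive(p, p)]

def needs_review(hit):
    """True if the copy still ships JndiLookup and is older than FIXED or unversioned."""
    _label, version, has_jndi = hit
    return has_jndi and (version is None or version < FIXED)

def demo():
    """Constructed sample: a WAR that nests log4j-core-2.14.1; returns flagged copies."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as inner:
        inner.writestr(JNDI_CLASS, b"")
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", buf.getvalue())
        return [h for h in scan_tree(root) if needs_review(h)]
```

Run `scan_tree()` against an application's install directory and treat every hit for which `needs_review()` is true as a candidate for the vendor's patch; a hit with no version is a shaded copy whose version has to be confirmed with the vendor.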
We expect more application vendors to report this vulnerability and we are diligently monitoring vendor responses for platforms and systems commonly deployed. We are committed to helping our clients make smart technology decisions while delivering outstanding service and expert solutions. If you have any questions, please contact your Network Administrator or Sales Representative.