log4j Remote Code Execution demo - CVE-2021-44228

Recently a 0-day vulnerability in log4j (2) was identified, and almost all the big companies are affected by this vulnerable library. The attack itself is very simple: a web server runs with the vulnerable log4j library, and an attacker crafts a JNDI payload (JNDI being an identifier to call the API) at the remote end. Once the crafted JNDI payload is executed by the log4j library, the malicious code is downloaded to the server and executed to return a shell or run remote commands.

Vulnerable versions: log4j 2.0 - 2.14.1

To replicate this attack there are a lot of vulnerable apps available online, but Christophetd (big fan) has released a demo vulnerable app: a web app built on Spring Boot that uses log4j 2.14.1 and JDK 1.8.0_181. Below is the link for the vulnerable app.

github.com/christophetd/log4shell-vulnerable-app

Mitigation - Upgrade log4j to 2.15.0
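
To find which deployed jars fall in the vulnerable range given above (2.0 - 2.14.1), the following is an added example, not code from the video or from the demo app's repository. It checks loose log4j-core jars and copies nested inside application archives (Spring Boot apps are commonly packaged with libraries under BOOT-INF/lib/); all function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile
from pathlib import Path

# Range stated on this page: log4j 2.0 through 2.14.1 is vulnerable.
VULN_MIN, VULN_MAX = (2, 0, 0), (2, 14, 1)
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")

def parse_version(name):
    """Return (major, minor, patch) from a log4j-core jar name, else None."""
    m = JAR_RE.search(name)
    # Assumption: missing patch = 0; pre-release suffix ignored (2.0-beta9 -> 2.0.0).
    return tuple(int(g or 0) for g in m.groups()) if m else None

def is_vulnerable(version):
    return VULN_MIN <= version <= VULN_MAX

def scan_archive(data, label):
    """Yield (location, version, vulnerable) for log4j-core jars nested in an archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            version = parse_version(entry)
            if version:
                yield f"{label}!{entry}", version, is_vulnerable(version)

def scan_tree(root):
    """Check loose and nested log4j-core jars in .jar/.war files under root."""
    findings = []
    for path in Path(root).rglob("*.[jw]ar"):
        version = parse_version(path.name)
        if version:
            findings.append((str(path), version, is_vulnerable(version)))
        try:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
        except (zipfile.BadZipFile, OSError):
            pass  # unreadable or not a real archive
    return findings

def sample_fat_jar():
    """Constructed sample: an in-memory Spring Boot style jar with two nested libs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", b"")
        zf.writestr("BOOT-INF/lib/log4j-api-2.14.1.jar", b"")
    return buf.getvalue()

if __name__ == "__main__":
    print(list(scan_archive(sample_fat_jar(), "app.jar")))
```

Point `scan_tree()` at a deployment directory to list every match; it relies on jar file names, so renamed or shaded copies of the library are not detected.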

PS - Only for demonstration purposes.

#CVE2021-44228 #log4j #log4jRCE #log4jRemoteCodeExecution #malware #exploit
