Oracle Java SE and Apache Log4j product Remote Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Web services - Web Servers
A vulnerability has been identified in Oracle Java SE and Apache Log4j products. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.
Note:
CVE-2021-44228 is being exploited in the wild.
JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP component attack vector. In these versions, com.sun.jndi.ldap.object.trustURLCodebase is set to false, meaning JNDI cannot load a remote codebase using LDAP.
CVE-2021-44228 affects the Apache Log4j component used by Apache Struts2, Apache Solr, Apache Druid, Apache Flink and so on.
[Updated on 2021-12-14]
Updated System / Technologies affected, Solutions, Source and Related Links.
[Updated on 2021-12-15]
Updated System / Technologies affected, Solutions, Source and Related Links.
[Updated on 2021-12-16]
Updated System / Technologies affected, Solutions, Source and Related Links.
[Updated on 2021-12-17]
Updated System / Technologies affected, Solutions, Source and Related Links.
[Updated on 2021-12-20]
Updated Solutions, Related Links and More Articles.
[Updated on 2021-12-21]
Updated System / Technologies affected, Solutions, Source and Related Links.
Impact
- Remote Code Execution
System / Technologies affected
- For affected versions of Java SE and Apache Log4j, please refer to the link below:
[Updated on 2021-12-14]
For Cisco Products
For detail, please refer to the links below:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
For VMWare Products
For detail, please refer to the links below:
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
For IBM WebSphere Application Server
WebSphere Application Server Version 9.0.0.0 through 9.0.5.10
WebSphere Application Server Version 8.5.0.0 through 8.5.5.20
[Updated on 2021-12-15]
For Amazon Products
For detail, please refer to the links below:
https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
For Atlassian Products
For detail, please refer to the links below:
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
For Broadcom Products
For detail, please refer to the links below:
For Citrix Products
For detail, please refer to the links below:
https://support.citrix.com/article/CTX335705
For ConnectWise Products
For detail, please refer to the links below:
https://www.connectwise.com/company/trust/advisories
For Debian
For detail, please refer to the links below:
https://security-tracker.debian.org/tracker/CVE-2021-44228
For Fortinet Products
For detail, please refer to the links below:
https://www.fortiguard.com/psirt/FG-IR-21-245
For F-Secure Products
For detail, please refer to the links below:
For Ghidra
For detail, please refer to the links below:
For Juniper Products
For detail, please refer to the links below:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259
For McAfee Products
For detail, please refer to the links below:
https://kc.mcafee.com/corporate/index?page=content&id=KB95091
For MongoDB Products
For detail, please refer to the links below:
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
For Okta Products
For detail, please refer to the links below:
https://sec.okta.com/articles/2021/12/log4shell
For OWASP ZAP
For detail, please refer to the links below:
https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
For Redhat Products
For detail, please refer to the links below:
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009#updates-for-affected-products
For SolarWinds Products
For detail, please refer to the links below:
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228
For SonicWall Products
For detail, please refer to the links below:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
For Splunk Products
For detail, please refer to the links below:
For Ubiquiti Products
For detail, please refer to the links below:
For Ubuntu
For detail, please refer to the links below:
https://ubuntu.com/security/CVE-2021-44228
For Zoho Products
For detail, please refer to the links below:
For ZScaler Products
For detail, please refer to the links below:
[Updated on 2021-12-16]
For SUSE
For detail, please refer to the links below:
https://www.suse.com/security/cve/CVE-2021-44228.html
For Intel Products
For detail, please refer to the links below:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
For Microsoft Products
For detail, please refer to the links below:
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
For Sophos Products
For detail, please refer to the links below:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
For Trend Micro Products
For detail, please refer to the links below:
https://success.trendmicro.com/solution/000289940
For Palo Alto PAN-OS
For detail, please refer to the links below:
https://security.paloaltonetworks.com/CVE-2021-44228
[Updated on 2021-12-17]
For NetApp Products
For detail, please refer to the links below:
https://security.netapp.com/advisory/ntap-20211210-0007/
For Salesforce Products
For detail, please refer to the links below:
https://help.salesforce.com/s/articleView?id=000363736&type=1
[Updated on 2021-12-21]
For HPE Products
For detail, please refer to the links below:
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04215en_us
Solutions
Before installation of the software, please visit the vendor web-site for more details.
For patch and mitigation of Apache Log4j, please refer to the link below:
- For patch of Java SE, please refer to the link below:
https://www.oracle.com/java/technologies/javase/products-doc-8u121-revision-builds-relnotes.html
[Updated on 2021-12-17]
Detection methods for reference
- In Linux environment
File system search for log4j:
find / -type f -print0 |xargs -n1 -0 zipgrep -i log4j2 2>/dev/null
If a dependency or package manager is used:
dpkg -l | grep log4j
- Docker vulnerability images scan for Log4j 2 CVE
For detail, please refer to the links below:
https://docs.docker.com/engine/scan/#scan-images-for-log4j-2-cve
- In Windows environment
PowerShell search for log4j:
gci 'C:\' -rec -force -include *.jar -ea 0 | foreach {select-string "JndiLookup.class" $_} | select -exp Path
[Updated on 2021-12-14]
For Cisco Products
For detail, please refer to the links below:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
For VMWare Products
For detail, please refer to the links below:
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
For IBM WebSphere Application Server
For detail, please refer to the links below:
https://www.ibm.com/support/pages/node/6525706
[Updated on 2021-12-15]
For Amazon Products
For detail, please refer to the links below:
https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
For Atlassian Products
For detail, please refer to the links below:
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
For Broadcom Products
For detail, please refer to the links below:
For Citrix Products
For detail, please refer to the links below:
https://support.citrix.com/article/CTX335705
For ConnectWise Products
For detail, please refer to the links below:
https://www.connectwise.com/company/trust/advisories
For Debian
For detail, please refer to the links below:
https://security-tracker.debian.org/tracker/CVE-2021-44228
For Fortinet Products
For detail, please refer to the links below:
https://www.fortiguard.com/psirt/FG-IR-21-245
For F-Secure Products
For detail, please refer to the links below:
For Ghidra
For detail, please refer to the links below:
For Juniper Products
For detail, please refer to the links below:
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259
For McAfee Products
For detail, please refer to the links below:
https://kc.mcafee.com/corporate/index?page=content&id=KB95091
For MongoDB Products
For detail, please refer to the links below:
https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
For Okta Products
For detail, please refer to the links below:
https://sec.okta.com/articles/2021/12/log4shell
For OWASP ZAP
For detail, please refer to the links below:
https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/
For Redhat Products
For detail, please refer to the links below:
https://access.redhat.com/security/vulnerabilities/RHSB-2021-009#updates-for-affected-products
For SolarWinds Products
For detail, please refer to the links below:
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228
For SonicWall Products
For detail, please refer to the links below:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
For Splunk Products
For detail, please refer to the links below:
For Ubiquiti Products
For detail, please refer to the links below:
For Ubuntu
For detail, please refer to the links below:
https://ubuntu.com/security/CVE-2021-44228
[Updated on 2021-12-20]
https://ubuntu.com/security/notices/USN-5192-2
For Zoho Products
For detail, please refer to the links below:
For ZScaler Products
For detail, please refer to the links below:
[Updated on 2021-12-16]
For SUSE
For detail, please refer to the links below:
https://www.suse.com/security/cve/CVE-2021-44228.html
For Intel Products
For detail, please refer to the links below:
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
For Microsoft Products
For detail, please refer to the links below:
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
For Sophos Products
For detail, please refer to the links below:
https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
For Trend Micro Products
For detail, please refer to the links below:
https://success.trendmicro.com/solution/000289940
For Palo Alto PAN-OS
For detail, please refer to the links below:
https://security.paloaltonetworks.com/CVE-2021-44228
[Updated on 2021-12-17]
For NetApp Products
For detail, please refer to the links below:
https://security.netapp.com/advisory/ntap-20211210-0007/
For Salesforce Products
For detail, please refer to the links below:
https://help.salesforce.com/s/articleView?id=000363736&type=1
[Updated on 2021-12-21]
For HPE Products
For detail, please refer to the links below:
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04215en_us
Vulnerability Identifier
Source
- AusCERT
- Oracle
- CERT/CC
- Cisco
- VMWare
- IBM
- Amazon
- Atlassian
- Broadcom
- Citrix
- ConnectWise
- Debian
- Fortinet
- F-Secure
- Ghidra
- Intel
- Juniper
- McAfee
- Microsoft
- MongoDB
- NetApp
- Okta
- OWASP ZAP
- Palo Alto
- RedHat
- Salesforce
- SolarWinds
- SonicWall
- Sophos
- Splunk
- SUSE
- Trend Micro
- Ubiquiti
- Ubuntu
- Zoho
- ZScaler
- HPE
Related Link
- https://www.auscert.org.au/bulletins/ASB-2021.0244.2
- https://www.oracle.com/java/technologies/javase/products-doc-8u121-revision-builds-relnotes.html
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
- https://www.vmware.com/security/advisories/VMSA-2021-0028.html
- https://www.ibm.com/support/pages/node/6525706
- https://aws.amazon.com/security/security-bulletins/AWS-2021-006/
- https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html
- https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259
- https://kc.mcafee.com/corporate/index?page=content&id=KB95091
- https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb
- https://access.redhat.com/security/vulnerabilities/RHSB-2021-009#updates-for-affected-products
- https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
- https://www.zscaler.com/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021
- https://www.suse.com/security/cve/CVE-2021-44228.html
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html
- https://kb.cert.org/vuls/id/930724
- https://www.ncsc.gov.uk/news/apache-log4j-vulnerability
- https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/
- https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce
- https://success.trendmicro.com/solution/000289940
- https://security.paloaltonetworks.com/CVE-2021-44228
- https://security.netapp.com/advisory/ntap-20211210-0007/
- https://help.salesforce.com/s/articleView?id=000363736&type=1
- https://ubuntu.com/security/notices/USN-5192-2
- https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04215en_us