Flash Briefing: Log4Shell Impact & Fixes Download

Just in time for the holidays, a significant vulnerability was identified in Apache's Java-based logging library, Log4j. This vulnerability was disclosed on 12/10/2021 and is known as Log4Shell. The flaw exposes some of the world's most popular applications and services to attack. It impacts AWS, Microsoft, Cisco, Google Cloud, and any platforms using software that utilizes the Log4j library.

Like SolarWinds, this weakness is at the core of the technology stack. Unlike SolarWinds, which tended to affect primarily large platform customers, this zero-day will impact even the smallest organizations dependent upon the webserver logging library.

ProCircular IR Engineer, Joey Marinello, gave a flash briefing on the topic, including steps to implement mitigating controls and detect whether you've been affected by this sophisticated and targeted attack. Be sure to download this briefing and take a look at the vulnerability resources below: 

Updating list of software platforms known to be vulnerable to Log4Shell: https://github.com/NCSC-NL/log4shell/tree/main/software

Community-sourced list of IP addresses seen attempting to exploit Log4Shell: https://gist.github.com/gnremy/c546c7911d5f876f263309d7161a7217

Log4Shell Proof-of-Concept code: https://github.com/tangxiaofeng7/CVE-2021-44228-Apache-Log4j-Rce

List of known vulnerable Log4j .jar files: https://github.com/mubix/CVE-2021-44228-Log4Shell-Hashes/blob/main/md5sum.txt

Script to test potentially vulnerable endpoints: https://github.com/fullhunt/log4j-scan

Script to analyze log files for Log4Shell exploitation attempts: https://github.com/Neo23x0/log4shell-detector

Log4Shell Vulnerability Overview and Analysis: https://www.randori.com/blog/cve-2021-44228/

Huntress Log4Shell Vulnerability Tester: https://log4shell.huntress.com/

Inside the Log4j2 vulnerability (CVE-2021-44228): https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/