Security Alert: Java’s Apache log4j vulnerability

30 Dec 2021

Security Alert: Java’s Apache log4j vulnerability

A major vulnerability in the code of Java software library used for logging has recently been discovered. This vulnerability, commonly known as log4shell, is present in Apache log4j, a Java-based library widely used for logging in software and applications.

Common Vulnerability Exposure discovered in December 2021, CVE-2021-44228, a reference method for publicly known information-security vulnerabilities and exposures, affects Java’s Apache versions 2.0 to 2.15 which has been classified as critical The log4shell vulnerability allows attackers to execute code remotely, compromise systems and disclose information.  Attackers can exploit this vulnerability in combination with other methods to widen and sharpen their attacks.

The logging library Log4j is an extensively used framework by applications and services across the world. The CVE-2021-44228 vulnerability is exploited by sending a specific Java Naming and Directory Interface (JNDI) string into the Log4J software and in turn trigger the execution of malicious code in the directory services such as Library Directory Application Protocol (LDAP), hence compromising these systems.

Other identified Common Vulnerability Exposures  related to log4j are:
  • CVE-2021-45046: The remote code execution allows an attacker to insert a malicious Java class file location into the directory data and execute it on the system to compromise it.
  • CVE-2021-45105: Denial of Service (DOS) allows an infinite recursion to be triggered on the vulnerable application to exhaust the system’s resources and severely affecting the services.
In line with global Cyber Security bodies, BIRGER. recommends to:
  • Follow recommended security best practices and upgrade to the latest Log4j versions recommended by official Apache community website or apply corresponding security patches recommended by technology vendors.
  • Protect the public-facing services that have Log4j capabilities
  • Make use of Web Application Firewalls with up-to-date security engines
  • Ensure proactive monitoring via specialised security service providers and contact our Security Operations Centre (SOC) in response to alerts on the related systems and devices.
  • Update Response and Remediation procedures for such vulnerabilities in your Business Continuity Plan

For more information on the topic and our Cyber Security Solutions & Services, please contact us by mail security@birger.technology.

You may also like

21 Dec 2020

JOYEUX NOEL & BONNE ANNEE 2021

Nous vous remercions pour votre soutien continu tout au long de l'année 2020. Nous profitons de cette occasion pour vous souhaiter, à vous et à votre famille, un joyeux Noël et une bonne année 2021.

Read More

31 Mar 2021

BIRGER. Rapport 2020 dédié à la Cyber Sécurité

BIRGER. a le plaisir d'annoncer la publication de son Rapport 2020 dédié à la Cyber Sécurité. Ce rapport fait suite à notre 4ème enquête dédiée à la Cyber Sécurité réalisée durant le quatrième trimestre de 2020.

Read More

30 Jan 2019

BIRGER. Solutions de Dématérialisation Sécurisées

LA SOCIETE BIRGER. offre des solutions de dématérialisation qui aident  simplifier et accroître la rapidité des recherches de documents et informations. La recherche des documents physiques est susceptible d’être laborieuse et peut prendre des heures ou même des jours comparativement aux recherches d’informations électroniques qui se font en quelques secondes et ce, « at finger tip ».

Read More