QID 150440

Date Published: 2021-12-11

QID 150440: Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell CVE-2021-44228)

Apache Log4j is a Java-based logging utility used by numerous Java applications around the world.

Affected versions of Log4j contain a zero-day vulnerability in the JNDI (Java Naming and Directory Interface) features that results in remote code execution (RCE). The vulnerability was made public on December 9, 2021.

Affected versions:
Log4j versions: 2.x prior to and including 2.15.0-rc1

QID Detection Logic: (Unauthenticated)
The QID sends an HTTP GET request with a specially crafted payload inside the request headers. Vulnerable servers make a DNS query in response, which triggers the Qualys Periscope detection mechanism.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target system.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution
    The vendor has released a fix for this vulnerability. Customers are advised to upgrade to Log4j version 2.16.0.

    If upgrading is not possible, please refer to the mitigation details in the Log4j Security Advisory.

    Vendor References

    CVEs related to QID 150440

    Software Advisories
    Advisory ID Software Component Link
    Apache Log4j logging.apache.org/log4j/2.x/download.html
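
An added example, not part of the Qualys advisory: a file-name inventory check that classifies log4j-core jars against the affected range and the upgrade target stated on this page. The jar naming convention, the sample paths, and the "below recommended" bucket for versions between 2.15.0-rc1 and 2.16.0 are assumptions of this example.

```python
import re

# Bounds taken from the advisory text on this page.
LAST_AFFECTED = "2.15.0-rc1"  # "2.x prior to and including 2.15.0-rc1"
RECOMMENDED = "2.16.0"        # upgrade target named under Solution

# Assumption: jars keep the conventional log4j-core-<version>.jar file name.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+){1,2}(?:-[A-Za-z0-9.]+)?)\.jar$")

def version_key(version):
    """Sortable key; a tagged build (rc1, beta9) sorts before the final release."""
    base, _, tag = version.partition("-")
    nums = [int(p) for p in base.split(".")]
    nums += [0] * (3 - len(nums))
    if not tag:
        return (*nums, 1, "", 0)
    m = re.fullmatch(r"([A-Za-z]+)\.?(\d*)", tag)
    if m:
        return (*nums, 0, m.group(1).lower(), int(m.group(2) or 0))
    return (*nums, 0, tag.lower(), 0)

def classify(path):
    """Return (version, status) for a log4j-core jar path, else None."""
    m = JAR_RE.search(path)
    if not m:
        return None
    version = m.group(1)
    key = version_key(version)
    if key[0] != 2:
        return version, "not 2.x"
    if key <= version_key(LAST_AFFECTED):
        return version, "affected"
    if key < version_key(RECOMMENDED):
        return version, "below recommended"
    return version, "at or above recommended"

# Constructed sample paths, e.g. from `find / -name 'log4j-core-*.jar'`.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/srv/legacy/WEB-INF/lib/log4j-core-2.0-beta9.jar",
    "/opt/build/log4j-core-2.15.0-rc1.jar",
    "/opt/other/lib/log4j-core-2.15.0.jar",
    "/opt/new/lib/log4j-core-2.16.0.jar",
    "/opt/app/lib/commons-io-2.11.0.jar",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, "->", classify(p))
```

The check reads file names only, so copies of Log4j bundled inside fat or shaded archives are not seen by it.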