QID 150441

Date Published: 2021-12-17

QID 150441: Forms Vulnerable to Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell CVE-2021-44228)

Apache Log4j is an Java-based logging utility, which is leveraged within numerous Java applications around the world.

On affected versions of Log4j, a zero-day vulnerability exists in JNDI (Java Naming and Directory Interface) features, which was made public on December 9, 2021 that results in remote code execution (RCE).

Affected versions:
Log4j versions: 2.x prior to and including 2.15.0-rc1

QID Detection Logic: (Unauthenticated)
The QID sends HTTP requests with specially crafted payload inside form fields, where vulnerable servers will make a DNS query that will trigger Qualys Periscope detection mechanism.

Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target system.

CVSS V3 rated as Critical - 10 severity.

CVSS V2 rated as Critical - 9.3 severity.

Solution

Vendor has released a fix for this vulnerability, Customers are advised to upgrade to Log4j version 2.16.0.

If upgrading is not possible, please refer to mitigation details mentioned on Log4j Security Advisory

Vendor References

Apache Log4j Security Advisory - logging.apache.org/log4j/2.x/security.html

CVEs related to QID 150441

CVE-2021-44228 |

Software Advisories

Advisory ID	Software	Component	Link
Apache Log4j			logging.apache.org/log4j/2.x/download.html

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].

Array ( [qid] => 150441 [title] => Forms Vulnerable to Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell CVE-2021-44228) [severity] => 5 [description] => Apache Log4j is an Java-based logging utility, which is leveraged within numerous Java applications around the world.

Affected versions:
Log4j versions: 2.x prior to and including 2.15.0-rc1

[solution] => Vendor has released a fix for this vulnerability, Customers are advised to upgrade to Log4j version 2.16.0.

If upgrading is not possible, please refer to mitigation details mentioned on Log4j Security Advisory

[consequence] => Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the target system. [published] => Yes [date_insert] => 2021-12-17 [date_published] => 2021-12-17 [cve] => Array ( [0] => CVE-2021-44228 ) [vendor_refs] => Array ( [0] => Array ( [vendor_ref] => Apache Log4j Security Advisory [vendor_ref_url] => https://logging.apache.org/log4j/2.x/security.html ) ) [cvss_v2] => Array ( [basescore] => 9.3 [temporalscore] => 7.3 ) [cvss_v3] => Array ( [basescore] => 10 [temporalscore] => 9 ) [patches] => Array ( [0] => Array ( [link] => https://logging.apache.org/log4j/2.x/download.html [advisory_id] => Apache Log4j [os_sw] => [component] => ) ) )