QID 376193

Date Published: 2021-12-17

QID 376193: Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) Detected Based on Qualys Log4j scan Utility (CVE-2021-45046)

Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.

CVE-2021-45046: A zero-day exploit affecting the popular Apache Log4j utility to Remote Code Execution.

Affected versions:
Log4j versions from 2.x prior to 2.12.2
Log4j versions 2.13.0 prior to and including 2.15.0

QID Detection: (Authenticated)
Operating System: Windows
This QID reads the file generated by Qualys utility Qualys Log4j Scan Utility for Windows
The QID reads 1st 100000 characters from the generated out put file.

QID Detection: (Authenticated)
Operating System: Linux
This QID reads the file generated by Qualys utility Qualys Log4j Scan Utility for Linux to find vulnerable instances of Log4j.

Successful exploitation of this vulnerability could lead to remote code execution (RCE) on the target.

  • CVSS V3 rated as Critical - 9 severity.
  • CVSS V2 rated as Medium - 5.1 severity.
  • Solution
    Apache recommends customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). Please refer to the mitigations mentioned here Log4j.
    Vendor References

    CVEs related to QID 376193

    Software Advisories
    Advisory ID Software Component Link
    Apache Log4j URL Logo logging.apache.org/log4j/2.x/security.html