QID 376209

Date Published: 2021-12-29

QID 376209: Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-44832)

Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.

CVE-2021-44832: Apache Log4j2 is vulnerable to RCE via the JDBC Appender when an attacker controls the configuration.

Affected versions:
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4)

QID Detection: (Authenticated) - Linux
This detection is based on querying the OS package managers on the target. If the target has a log4j package with an affected version, the target is flagged as vulnerable. The detection logic has been updated to find log4j installs using the locate command and the ls proc command.
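
The affected-version test behind a check of this kind, as an added example that is not the scanner's own detection code: it classifies log4j-core jar paths, such as locate would return, against the version range given above. The sample paths are constructed, and matching on the upstream file name log4j-core-<version>.jar is an assumption of this example.

```python
import re

# Fix releases the page excludes from the affected range.
FIXED = {"2.3.2", "2.12.4"}
# Assumption: the jar keeps its upstream name, log4j-core-<version>.jar.
JAR_RE = re.compile(r"log4j-core-(\d+(?:\.\d+)*(?:-(?:alpha|beta|rc)\d+)?)\.jar$")
STAGE = {"alpha": 0, "beta": 1, "rc": 2}  # pre-releases sort before a final release (3)


def version_key(version):
    """Map '2.0-beta7' or '2.17.0' to a tuple that sorts in release order."""
    base, _, pre = version.partition("-")
    nums = [int(part) for part in base.split(".")]
    nums += [0] * (3 - len(nums))  # '2.0' compares equal to '2.0.0'
    if not pre:
        return (*nums, 3, 0)
    match = re.fullmatch(r"(alpha|beta|rc)(\d+)", pre)
    if match is None:
        raise ValueError(f"unrecognised pre-release tag: {version}")
    return (*nums, STAGE[match.group(1)], int(match.group(2)))


LOW, HIGH = version_key("2.0-beta7"), version_key("2.17.0")


def is_affected(version):
    """True if version is in 2.0-beta7..2.17.0 and is not 2.3.2 or 2.12.4."""
    return version not in FIXED and LOW <= version_key(version) <= HIGH


def scan(paths):
    """Return {path: (version, affected)} for each log4j-core jar in paths."""
    findings = {}
    for path in paths:
        match = JAR_RE.search(path)
        if match:
            findings[path] = (match.group(1), is_affected(match.group(1)))
    return findings


# Constructed sample input, shaped like file paths returned by locate.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-api-2.14.1.jar",
    "/srv/legacy/lib/log4j-core-2.12.4.jar",
    "/usr/share/java/log4j-core-2.17.1.jar",
    "/srv/archive/log4j-core-2.0-beta7.jar",
]

if __name__ == "__main__":
    for path, (version, affected) in scan(SAMPLE_PATHS).items():
        print(f"{'AFFECTED' if affected else 'ok':9}{version:11}{path}")
```

Matching on file names misses copies of log4j-core bundled inside fat jars or other archives, so a clean result from a check like this does not prove absence.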

QID Detection: (Authenticated) - Windows
On Windows systems, the QID identifies vulnerable instances of log4j by using WMI to check the command lines of running processes for log4j.

Successful exploitation of this vulnerability could lead to Remote Code Execution.

  • CVSS V3 rated as High - 6.6 severity.
  • CVSS V2 rated as High - 6 severity.
  • Solution
    Apache recommends that customers upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). Please refer to the mitigations mentioned here: Log4j.

    Software Advisories
    Advisory ID: Apache Log4j
    Link: logging.apache.org/log4j/2.x/security.html