Date Published: 2021-12-29
QID 376209: Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-44832)
Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.
CVE-2021-44832: Apache Log4j2 is vulnerable to RCE via the JDBC Appender when an attacker controls the configuration.
Affected versions: Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4)
QID Detection: (Authenticated) - Linux
This detection is based on querying the OS package managers on the target. If the target has a log4j package with an affected version, the target is flagged as vulnerable. The detection logic has been updated to also find log4j installs using the locate command and the ls proc command.
QID Detection: (Authenticated) - Windows
On Windows systems, the QID identifies vulnerable instances of log4j by using WMI to check the command lines of running processes for log4j.
Successful exploitation of this vulnerability could lead to remote code execution.
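The version comparison behind such a check, as an added example (not the scanner's or Apache's own code): it classifies jar paths against the affected range stated above, including the 2.0 pre-releases and the two excluded fix releases. The file-name pattern log4j-core-<version>.jar and the sample paths are assumptions made for illustration.

```python
import re

# Affected range as stated on this page: 2.0-beta7 through 2.17.0,
# excluding the security fix releases 2.3.2 and 2.12.4.
FIXED_BACKPORTS = {(2, 3, 2), (2, 12, 4)}
STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, "": 3}  # "" = final release

# Assumption: the library ships under the file name log4j-core-<version>.jar.
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)

LOW = (2, 0, 0, STAGE_RANK["beta"], 7)   # 2.0-beta7
HIGH = (2, 17, 0, STAGE_RANK[""], 0)     # 2.17.0


def classify(path):
    """Return (version, affected) for a log4j-core jar path, or None if no match."""
    m = JAR_RE.search(path)
    if not m:
        return None
    major, minor, patch = int(m[1]), int(m[2]), int(m[3] or 0)
    stage, stage_num = (m[4] or "").lower(), int(m[5] or 0)
    # Tuple ordering puts alpha < beta < rc < final within the same x.y.z.
    key = (major, minor, patch, STAGE_RANK[stage], stage_num)
    version = m.group(0)[len("log4j-core-"):-len(".jar")]
    is_backport = stage == "" and (major, minor, patch) in FIXED_BACKPORTS
    return version, (LOW <= key <= HIGH and not is_backport)


def affected_jars(paths):
    """Return the subset of paths whose log4j-core version is in the affected range."""
    return [p for p in paths if (classify(p) or (None, False))[1]]


# Constructed sample input, e.g. what a file search on a host might return.
SAMPLE_PATHS = [
    "/opt/app/lib/log4j-core-2.14.1.jar",
    "/opt/app/lib/log4j-core-2.17.1.jar",
    "/srv/legacy/log4j-core-2.12.4.jar",
    "/srv/legacy/log4j-core-2.0-beta6.jar",
    "/srv/legacy/log4j-core-2.0-beta9.jar",
    "/usr/share/java/log4j-1.2.17.jar",
]

if __name__ == "__main__":
    for p in affected_jars(SAMPLE_PATHS):
        print("affected:", p)
```

Matching on file names does not see copies of the library bundled inside other archives, so a clean result here is not proof of absence. A hit is an inventory finding; per the CVE description, exploitation additionally requires that an attacker controls the logging configuration.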
- Apache Log4j - logging.apache.org/log4j/2.x/security.html