QID 376210

Date Published: 2021-12-29

QID 376210: Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) Detected Based on Qualys Log4j scan Utility (CVE-2021-44832)

A remote code execution (RCE) vulnerability affecting the popular Apache Log4j utility (CVE-2021-44832) was made public on December 28, 2021.
CVE-2021-44832: Apache Log4j2 is vulnerable to RCE via the JDBC Appender when an attacker controls the configuration.

Affected versions:
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4)
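
An added example (not part of the Qualys advisory or the Qualys Log4j Scan Utility): a version check for the affected range stated above, covering the pre-release lower bound and the two excluded fix releases, which sit numerically inside the range. The function names and the sample file names are assumptions made for illustration.

```python
import re

# Affected range as stated on this page: 2.0-beta7 through 2.17.0,
# excluding the security fix releases 2.3.2 and 2.12.4.
FIXED_BACKPORTS = {(2, 3, 2), (2, 12, 4)}
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # None = final release
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?$", re.I)


def parse_version(text):
    """Return a sortable tuple for a Log4j 2 version string, or None."""
    m = VERSION_RE.match(text.strip())
    if not m:
        return None
    major, minor, patch, stage, stage_n = m.groups()
    stage = stage.lower() if stage else None
    return (int(major), int(minor), int(patch or 0),
            STAGE[stage], int(stage_n or 0))


LOWER = parse_version("2.0-beta7")
UPPER = parse_version("2.17.0")


def is_affected(text):
    """True or False for a recognised version; None if it needs manual review."""
    key = parse_version(text)
    if key is None:
        return None  # e.g. snapshot or vendor-rebuilt versions
    if key[3] == STAGE[None] and key[:3] in FIXED_BACKPORTS:
        return False  # backported fixes for Java 6 and Java 7
    return LOWER <= key <= UPPER


def classify_jars(filenames):
    """Map each log4j-core jar file name to its is_affected() result."""
    result = {}
    for name in filenames:
        m = re.match(r"^log4j-core-(.+)\.jar$", name)
        if m:
            result[name] = is_affected(m.group(1))
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not output from any real scan.
    sample = ["log4j-core-2.0-beta6.jar", "log4j-core-2.3.2.jar",
              "log4j-core-2.14.1.jar", "log4j-core-2.17.1.jar"]
    for jar, verdict in classify_jars(sample).items():
        print(jar, verdict)
```

A `None` result means the version string was not recognised and the file should be reviewed by hand rather than treated as safe.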

QID Detection: (Authenticated) - Windows
This QID reads the file generated by the Qualys Log4j Scan Utility for Windows.
The QID reads the first 100000 characters of the generated output file.

QID Detection: (Authenticated) - Linux
This QID reads the file generated by the Qualys Log4j Scan Utility for Linux to find vulnerable instances of Log4j.

Successful exploitation of this vulnerability could lead to remote code execution (RCE) on the target.

  • CVSS V3 rated as High - 6.6 severity.
  • CVSS V2 rated as High - 6 severity.
  • Solution
    Apache recommends that customers upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). Please refer to the mitigations mentioned here: Log4j.
    Vendor References

    CVEs related to QID 376210

    Software Advisories
    Advisory ID: NA
    Link: logging.apache.org/log4j/2.x/download.html