QID 48199

Date Published: 2021-12-13

QID 48199: Environment Variables Mitigation Applied for Log4Shell (CVE-2021-44228) - Deprecated

A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).

Mitigation for CVE-2021-44228: In releases >=2.10, this behavior can be mitigated by setting either the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. This is an Information Gathering QID where LOG4J Environment Variables 'LOG4J_FORMAT_MSG_NO_LOOKUPS = True'

QID Detection: (Authenticated)
Windows: This authenticated QID pulls the Data from the windows registry key. UNIX: This authenticated QID pulls the Data Environment Variables using /usr/bin/env
NOTE: NOTE: Apache updated their advisories and as per latest details the fix is incomplete. Apache Log4j


Vendor References

CVEs related to QID 48199

Software Advisories
Advisory ID Software Component Link