QID 730297

Date Published: 2021-12-11

QID 730297: Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) (Unauthenticated)

A zero-day vulnerability in the popular Apache Log4j utility (CVE-2021-44228), made public on December 9, 2021, allows remote code execution (RCE).

Affected versions:
  • Log4j versions 2.x prior to and including 2.14.1 (excluding the 2.12.x branch)
  • Log4j versions 2.12.x prior to 2.12.2
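An inventory check derived from the affected ranges above and the fixed releases named in the Solution section (2.15.0 for the main branch, 2.12.2 for the 2.12 branch). This is an added example, not Qualys detection code or anything from the Log4j project; it assumes versions are reported as plain "MAJOR.MINOR.PATCH" strings and ignores pre-release labels such as "-beta9" or "-rc1".

```python
import re

# Ranges as stated by this QID for CVE-2021-44228:
#   2.x up to and including 2.14.1, except the 2.12.x branch
#   2.12.x prior to 2.12.2 (2.12.2 is the fixed build on that branch)
# Fixed build on the main branch per the Solution section: 2.15.0.

def parse_version(v: str) -> tuple:
    """Parse 'MAJOR.MINOR[.PATCH]' into ints; a missing patch is treated as 0.
    Pre-release suffixes ('-beta9', '-rc1') are ignored (assumption)."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", v.strip())
    if not m:
        raise ValueError(f"unrecognised log4j version string: {v!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def is_affected(version: str) -> bool:
    """True when the version falls inside one of the ranges listed above."""
    major, minor, patch = parse_version(version)
    if major != 2:
        return False          # only Log4j 2.x is in scope for this QID
    if minor == 12:
        return patch < 2      # 2.12.x branch: fixed in 2.12.2
    return (minor, patch) <= (14, 1)   # everything else: <= 2.14.1

def triage(inventory: dict) -> list:
    """Given {host: log4j_version}, return hosts still on an affected build."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "app-01": "2.14.1",      # last affected release on the main branch
    "app-02": "2.15.0",      # fixed
    "app-03": "2.12.1",      # affected on the 2.12 branch
    "app-04": "2.12.2",      # fixed on the 2.12 branch
    "app-05": "2.0-beta9",   # early 2.x, counted as affected by the 2.x range
    "legacy-01": "1.2.17",   # 1.x is outside the ranges this QID lists
}

if __name__ == "__main__":
    print("affected hosts:", triage(SAMPLE_INVENTORY))
```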

QID Detection Logic: (Unauthenticated)
The QID sends a specially crafted request to the target and checks whether the target calls back to the scanner; a callback identifies the instance as vulnerable.

Successful exploitation of this vulnerability could lead to remote code execution (RCE) on the target.

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.

Solution
The vendor has released a fix for this vulnerability and customers are advised to update Log4j to version 2.15.0. If updating is not possible, refer to the mitigations published by the Log4j project.

Vendor References

CVEs related to QID 730297
  • CVE-2021-44228

Software Advisories
Advisory ID | Software Component | Link
            | Apache Log4j       | logging.apache.org/log4j/2.x/download.html