CVE-2021-44228 (Log4Shell Vulnerability): What you Need to Know…


December 17, 2021

There’s a particularly nasty vulnerability stalking the internet. It’s called CVE-2021-44228 and it’s making heads spin on shoulders the world over. First discovered, or at least reported, at the end of November, CVE-2021-44228 is a software vulnerability that allows remote code execution via the Apache Foundation’s Log4j.

What is Log4Shell?

Log4j is an open-source Java library that is used extensively in both open-source and commercial software. Log4j is primarily used for sending text strings that are stored in log files and databases. 

It can be used to track website visitors, notify engineers when warnings or errors happen, etc. Unfortunately, Log4j isn’t limited to logging plain strings. It also processes specially formatted text strings, and that processing can end with code being executed.

With this vulnerability, an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

The Bigger Problem

It’s bad enough that attackers can execute arbitrary code via CVE-2021-44228. It’s even worse when you realize how widely Log4j is used, meaning pretty much anyone using it is vulnerable. On top of that, if the flaw is exploited correctly, attackers can do almost anything they want.

Is There a Solution?

Thankfully, there is. Apache released Log4j 2.16.0 on December 13th. An earlier fix was released on December 6th (2.15.0) but that was hampered by a CVE related to the issue (CVE-2021-45046).

There’s currently a curated list over at GitHub that documents the software currently vulnerable to CVE-2021-44228. It’s…massive. Thankfully it’s being updated with patch information as it becomes available.

If anything, the list helps paint the picture of how HUGE the impact of this CVE is. It’s almost unimportant that there’s a fix, as it’s potentially going to take months for people to patch their software (for a variety of reasons, not just sloth. I had to say that before anybody started pointing fingers).
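To see where a host stands against the two releases named above, the following added example (not from the original post or from Apache) walks a directory tree and reports each copy of log4j-core it finds, on disk or packed one level inside a JAR, WAR or EAR. It assumes a copy is identifiable by the `log4j-core-<version>.jar` file name or by the Maven `pom.properties` entry inside the jar, and it compares only against 2.15.0 and 2.16.0; `classify`, `versions_in_archive` and `scan` are names chosen for this example.

```python
import re
import zipfile
from pathlib import Path

# Matches log4j-core-<version>.jar on disk or as an entry inside a WAR/EAR/fat jar.
JAR_NAME = re.compile(r"log4j-core-(\d+(?:\.\d+)+)[^/]*\.jar$")
# Maven metadata that ships inside log4j-core and survives when the jar is repackaged.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = {".jar", ".war", ".ear"}

def classify(version):
    """Place a version relative to the 2.15.0 and 2.16.0 releases named in the post."""
    parts = tuple(int(p) for p in (re.findall(r"\d+", version) + ["0", "0"])[:3])
    if parts < (2, 15, 0):
        return "older than 2.15.0: upgrade"
    if parts < (2, 16, 0):
        return "2.15.x: incomplete fix (CVE-2021-45046), upgrade"
    return "2.16.0 or newer"

def versions_in_archive(source):
    """Return [(entry, version)] for log4j-core copies one level inside an archive."""
    found = []
    with zipfile.ZipFile(source) as zf:
        for name in zf.namelist():
            m = JAR_NAME.search(name)
            if m:  # nested jar; archives nested deeper than this are not opened
                found.append((name, m.group(1)))
            elif name == POM_PROPS:
                v = re.search(rb"^version=(\S+)", zf.read(name), re.M)
                if v:
                    found.append((name, v.group(1).decode()))
    return found

def scan(root):
    """Walk root and return [(location, version, status)] for every copy found."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in ARCHIVES:
            continue
        try:
            inner = versions_in_archive(path)
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable, or not really an archive
        m = JAR_NAME.search(path.name)
        # Use the file name only when the jar carries no metadata of its own.
        if m and not any(entry == POM_PROPS for entry, _ in inner):
            findings.append((str(path), m.group(1), classify(m.group(1))))
        findings += [(f"{path}!{e}", v, classify(v)) for e, v in inner]
    return findings
```

Call `scan()` on an application or deployment directory and review every row that is not "2.16.0 or newer". Copies whose classes were merged into another jar without the Maven metadata will not be reported.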

I predict we haven’t seen the end of this, so keep coming back. We’ll be updating the blog with more information when available.


Carl Keyser is the Content Manager at Integris.
