Skip to main content

Oracle Java SE and Apache Log4j product Remote Code Execution Vulnerability

Last Update Date: 21 Dec 2021 Release Date: 10 Dec 2021 10828 Views

RISK: Extremely High Risk

TYPE: Web services - Web Servers

TYPE: Web Servers

A vulnerability has been identified in Oracle Java SE and Apache Log4j product. A remote user can exploit this vulnerability to trigger remote code execution on the targeted system.

 

Note:

CVE-2021-44228 is being exploited in the wild.

 

JDK versions greater than 6u211, 7u201, 8u191, and 11.0.1 are not affected by the LDAP component attack vector. In these versions com.sun.jndi.ldap.object.trustURLCodebase is set to false meaning JNDI cannot load a remote codebase using LDAP.

CVE-2021-44228 affect Apache Log4j component of Apache Struts2、Apache Solr、Apache Druid、Apache Flink and so on.

 

 

[Updated on 2021-12-14]

Updated System / Technologies affected, Solutions, Source and Related Links.

 

[Updated on 2021-12-15]

Updated System / Technologies affected, Solutions, Source and Related Links.

 

[Updated on 2021-12-16]

Updated System / Technologies affected, Solutions, Source and Related Links.

 

[Updated on 2021-12-17]

Updated System / Technologies affected, Solutions, Source and Related Links.

 

[Updated on 2021-12-20]

Updated Solutions, Related Links and More Articles.

 

[Updated on 2021-12-21]

Updated System / Technologies affected, Solutions, Source and Related Links.


Impact

  • Remote Code Execution

System / Technologies affected

 

[Updated on 2021-12-14]

 

For Cisco Products

For detail, please refer to the links below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

 

For VMWare Products

For detail, please refer to the links below:

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

 

For IBM WebSphere Application Server

WebSphere Application Server Version 9.0.0.0 through 9.0.5.10 WebSphere Application Server Version 8.5.0.0 through 8.5.5.20

 

 

 

[Updated on 2021-12-15]

 

For Amazon Products

For detail, please refer to the links below:

https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

 

For Atlassian Products

For detail, please refer to the links below:

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

 

For Boardcom Products

For detail, please refer to the links below:

https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

 

For Citrix Products

For detail, please refer to the links below:

https://support.citrix.com/article/CTX335705

 

For ConnectWise Products

For detail, please refer to the links below:

https://www.connectwise.com/company/trust/advisories

 

For Debian

For detail, please refer to the links below:

https://security-tracker.debian.org/tracker/CVE-2021-44228

 

For Fortinet Products

For detail, please refer to the links below:

https://www.fortiguard.com/psirt/FG-IR-21-245

 

For F-Secure Products

For detail, please refer to the links below:

https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take#:~:text=Messaging%20Security%20Gateway%22.-,How%20to%20patch%20my%20F%2DSecure%20Policy%20Manager,-We%20have%20created

 

For Ghidra

For detail, please refer to the links below:

https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_10.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html#:~:text=Upgraded%20log4j%20dependency

 

For Juniper Products

For detail, please refer to the links below:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259

 

For McAfee Products

For detail, please refer to the links below:

https://kc.mcafee.com/corporate/index?page=content&id=KB95091

 

For MongoDB Products

For detail, please refer to the links below:

https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

 

For Okta Products

For detail, please refer to the links below:

https://sec.okta.com/articles/2021/12/log4shell

 

For OWASP ZAP

For detail, please refer to the links below:

https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/

 

For Redhat Products

For detail, please refer to the links below:

https://access.redhat.com/security/vulnerabilities/RHSB-2021-009#updates-for-affected-products

 

For SolarWinds Products

For detail, please refer to the links below:

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228

 

For SonicWall Products

For detail, please refer to the links below:

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

 

For Splunk Products

For detail, please refer to the links below:

https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

 

For Ubiquiti Products

For detail, please refer to the links below:

https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1

 

For Ubuntu

For detail, please refer to the links below:

https://ubuntu.com/security/CVE-2021-44228

 

For Zoho Products

For detail, please refer to the links below:

https://pitstop.manageengine.com/portal/en/community/topic/apache-log4j-vulnerability-cve-2021-44228-1

 

For ZScaler Products

For detail, please refer to the links below:

https://www.zscaler.com/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021

 

 

[Updated on 2021-12-16]

 

For SUSE

For detail, please refer to the links below:

https://www.suse.com/security/cve/CVE-2021-44228.html

 

For Intel Products

For detail, please refer to the links below:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

 

For Microsoft Products

For detail, please refer to the links below:

https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

 

For Sophos Products

For detail, please refer to the links below:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

 

For Trend Micro Products

For detail, please refer to the links below:

https://success.trendmicro.com/solution/000289940

 

For Palo Alto PAN-OS

For detail, please refer to the links below:

https://security.paloaltonetworks.com/CVE-2021-44228

 

 

[Updated on 2021-12-17]

 

For NetApp Products

For detail, please refer to the links below:

https://security.netapp.com/advisory/ntap-20211210-0007/

 

For Salesforce Products

For detail, please refer to the links below:

https://help.salesforce.com/s/articleView?id=000363736&type=1

 

[Updated on 2021-12-21]

 

For HPE Products

For detail, please refer to the links below:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04215en_us


Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

 

[Updated on 2021-12-17]

 

Detection methods for reference

  1. In linux environment
  • File system search for log4j:

find / -type f -print0 |xargs -n1 -0 zipgrep -i log4j2 2>/dev/null

 

  • If a dependency or package manager is used:

dpkg -l | grep log4j

 

 

  1. Docker vulnerability images scan for Log4j 2 CVE

For detail, please refer to the links below:

https://docs.docker.com/engine/scan/#scan-images-for-log4j-2-cve

 

 

  1. In Windows environment
  • PowerShell search for log4j:

gci 'C:\' -rec -force -include *.jar -ea 0 | foreach {select-string "JndiLookup.class" $_} | select -exp Path

 

 

[Updated on 2021-12-14]

 

For Cisco Products

For detail, please refer to the links below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd

 

For VMWare Products

For detail, please refer to the links below:

https://www.vmware.com/security/advisories/VMSA-2021-0028.html

 

For IBM WebSphere Application Server

For detail, please refer to the links below:

https://www.ibm.com/support/pages/node/6525706

 

 

[Updated on 2021-12-15]

 

For Amazon Products

For detail, please refer to the links below:

https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

 

For Atlassian Products

For detail, please refer to the links below:

https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html

 

For Boardcom Products

For detail, please refer to the links below:

https://support.broadcom.com/security-advisory/content/security-advisories/Symantec-Security-Advisory-for-Log4j-2-CVE-2021-44228-Vulnerability/SYMSA19793

 

For Citrix Products

For detail, please refer to the links below:

https://support.citrix.com/article/CTX335705

 

For ConnectWise Products

For detail, please refer to the links below:

https://www.connectwise.com/company/trust/advisories

 

For Debian

For detail, please refer to the links below:

https://security-tracker.debian.org/tracker/CVE-2021-44228

 

For Fortinet Products

For detail, please refer to the links below:

https://www.fortiguard.com/psirt/FG-IR-21-245

 

For F-Secure Products

For detail, please refer to the links below:

https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take#:~:text=Messaging%20Security%20Gateway%22.-,How%20to%20patch%20my%20F%2DSecure%20Policy%20Manager,-We%20have%20created

 

For Ghidra

For detail, please refer to the links below:

https://htmlpreview.github.io/?https://github.com/NationalSecurityAgency/ghidra/blob/Ghidra_10.1_build/Ghidra/Configurations/Public_Release/src/global/docs/ChangeHistory.html#:~:text=Upgraded%20log4j%20dependency

 

For Juniper Products

For detail, please refer to the links below:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259

 

For McAfee Products

For detail, please refer to the links below:

https://kc.mcafee.com/corporate/index?page=content&id=KB95091

 

For MongoDB Products

For detail, please refer to the links below:

https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb

 

For Okta Products

For detail, please refer to the links below:

https://sec.okta.com/articles/2021/12/log4shell

 

For OWASP ZAP

For detail, please refer to the links below:

https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/

 

For Redhat Products

For detail, please refer to the links below:

https://access.redhat.com/security/vulnerabilities/RHSB-2021-009#updates-for-affected-products

 

For SolarWinds Products

For detail, please refer to the links below:

https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228

 

For SonicWall Products

For detail, please refer to the links below:

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032

 

For Splunk Products

For detail, please refer to the links below:

https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

 

For Ubiquiti Products

For detail, please refer to the links below:

https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1

 

For Ubuntu

For detail, please refer to the links below:

https://ubuntu.com/security/CVE-2021-44228

[Updated on 2021-12-20]

https://ubuntu.com/security/notices/USN-5192-2

 

For Zoho Products

For detail, please refer to the links below:

https://pitstop.manageengine.com/portal/en/community/topic/apache-log4j-vulnerability-cve-2021-44228-1

 

For ZScaler Products

For detail, please refer to the links below:

https://www.zscaler.com/blogs/security-research/security-advisory-log4j-0-day-remote-code-execution-vulnerability-cve-2021

 

 

[Updated on 2021-12-16]

 

For SUSE

For detail, please refer to the links below:

https://www.suse.com/security/cve/CVE-2021-44228.html

 

For Intel Products

For detail, please refer to the links below:

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00646.html

 

For Microsoft Products

For detail, please refer to the links below:

https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/

 

For Sophos Products

For detail, please refer to the links below:

https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce

 

For Trend Micro Products

For detail, please refer to the links below:

https://success.trendmicro.com/solution/000289940

 

For Palo Alto PAN-OS

For detail, please refer to the links below:

https://security.paloaltonetworks.com/CVE-2021-44228

 

 

[Updated on 2021-12-17]

 

For NetApp Products

For detail, please refer to the links below:

https://security.netapp.com/advisory/ntap-20211210-0007/

 

For Salesforce Products

For detail, please refer to the links below:

https://help.salesforce.com/s/articleView?id=000363736&type=1

 

[Updated on 2021-12-21]

 

For HPE Products

For detail, please refer to the links below:

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04215en_us


Vulnerability Identifier


Source


Related Link