Hacking

A zero-day exploit for Log4j Java library could have a tsunami impact on IT giants

Experts publicly disclose Proof-of-concept exploits for a critical zero-day vulnerability in the Apache Log4j Java-based logging library.

Experts publicly disclose Proof-of-concept exploits for a critical remote code execution zero-day vulnerability, tracked a CVE-2021-44228 (aka Log4Shell), in the Apache Log4j Java-based logging library.

The Chinese security researcher p0rz9 who publicly disclosed the PoC exploit code revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups option is set to false.

The Log4j is widely used by both enterprise apps and cloud services, including Apple iCloud and Steam.

A remote, unauthenticated attacker can exploit the CVE-2021-44228 to execute arbitrary code on a vulnerable system leading to a complete system takeover.

The vulnerability was discovered by researchers from Alibaba Cloud’s security team that notified the Apache Foundation on November 24. According to the experts, the vulnerability is easy to exploit and does not require special configuration, for this reason, it received a CVSSv3 score of 10/10. Researchers pointed out that Apache Struts2, Apache Solr, Apache Druid, Apache Flink are all affected by this vulnerability. 

Open-source projects like ElasticSearch, Elastic Logstash, Redis, and the NSA’s Ghidra also use the library.

IT giants like Apple, Amazon, Twitter, Cloudflare, Steam, Tencent, Baidu, and NetEase are running servers potentially affected by the issue.

“An attacker can use this vulnerability to construct a special data request packet, which eventually triggers remote code execution. Due to the wide range of impact of this vulnerability, users are advised to investigate related vulnerabilities in a timely manner.” reads the post published by the Alibaba Cloud security team. “After analysis and confirmation by the White Hat Security Research Institute, there are currently many popular systems on the market that are affected. Almost very tech giants is the victim of this Log4j Remote Code Execution vulnerability.”

Researchers from Bad Packets are already observing mass scanning activity for this vulnerability.

Lunasec, who tracked this vulnerability as LogJam, confirmed the wide impact of this issue.

“Many, many services are vulnerable to this exploit. Cloud services like Steam, Apple iCloud, and apps like Minecraft have already been found to be vulnerable. Anybody using Apache Struts is likely vulnerable. We’ve seen similar vulnerabilities exploited before in breaches like the 2017 Equifax data breach. Many Open Source projects like the Minecraft server, Paper, have already begun patching their usage of log4j” reported Lunasec.

Apache addressed the issue with the release of a Log4j release candidate version (2.15.0-rc1), but security researchers already discovered a bypass and urge impacted organizations to update to the latest RC build log4j-2.15.0-rc2.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Log4j)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows flaws to its Known Exploited…

1 hour ago

Ivanti fixed two EPMM flaws exploited in limited attacks

Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…

3 hours ago

Microsoft Patch Tuesday security updates for May 2025 fixed 5 actively exploited zero-days

Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including…

12 hours ago

Fortinet fixed actively exploited FortiVoice zero-day<gwmw style="display:none;"></gwmw><gwmw style="display:none;"></gwmw>

Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice…

14 hours ago

How Interlock Ransomware Affects the Defense Industrial Base Supply Chain

Interlock Ransomware 's attack on a defense contractor exposed global defense supply chain details, risking…

1 day ago

Marks and Spencer confirms data breach after April cyber attack

Marks and Spencer (M&S) confirms that threat actors stole customer data in the ransomware attack…

1 day ago