Quebec shuts down thousands of sites as disclosure of the Log4Shell flaw

Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library.

Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw (CVE-2021-44228) in the Apache Log4j Java-based logging library.

On Friday, 10, 2021, Chinese security researcher p0rz9 publicly disclosed the PoC exploit code for this issue and revealed that the CVE-2021-44228 can only be exploited if the log4j2.formatMsgNoLookups option is set to false.

Log4j is an open-source library widely used by both enterprise apps and cloud services, including Apple iCloud and Steam.

A remote, unauthenticated attacker can exploit the CVE-2021-44228 to execute arbitrary code on a vulnerable system leading to a complete system takeover.

The vulnerability was discovered by researchers from Alibaba Cloud’s security team that notified the Apache Foundation on November 24. According to the experts, the vulnerability is easy to exploit and does not require special configuration, for this reason, it received a CVSSv3 score of 10/10. Researchers pointed out that Apache Struts2, Apache Solr, Apache Druid, Apache Flink are all affected by this vulnerability.

Open-source projects like ElasticSearch, Elastic Logstash, Redis, and the NSA’s Ghidra also use the library.

IT giants like Apple, Amazon, Twitter, Cloudflare, Steam, Tencent, Baidu, and NetEase are running servers potentially affected by the issue.

Security experts are already observing mass scanning activity for this vulnerability.

Today Canadian Minister Responsible for Digital Transformation and Access to Information Eric Caire confirmed the decision of the government to shut down the sites that are being scanned for potentially malicious purposes resulting from the exploitation of the Log4Shell flaw.

The government closed 3,992 sites including the education and higher education ministries’ sites.

“On Friday the 10th, we received, like everyone else on the planet, a status report on a computer security flaw that affects many systems,” Caire explained in a news conference. “We need to scan all of our systems,” said Caire. “We’re kind of looking for a needle in a haystack.”

The Minister explained that it is a preventive measure and they are not aware of any security breach caused by the exploitation of the issue.

“It’s a decision preventive not reactive,” added Caire.

Some of the sites that have been tacked offline are back online.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Log4Shell)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.