On November 24, 2021, the Alibaba Cloud security team reported the Apache Log4j2 remote code execution vulnerability to Apache officials.
01 Vulnerability description
Apache Log4j2 is an excellent Java logging framework. On November 24, 2021, the Alibaba Cloud security team reported the Apache Log4j2 remote code execution vulnerability to Apache officials. Due to the recursive parsing function of some functions of Apache Log4j2, attackers can directly construct malicious requests and trigger remote code execution vulnerabilities. No special configuration is required to exploit the vulnerability. It has been verified by the Alibaba Cloud security team that Apache Struts2, Apache Solr, Apache Druid, Apache Flink, etc. are all affected. Alibaba Cloud Emergency Response Center reminds Apache Log4j2 users to take security measures as soon as possible to prevent vulnerability attacks.
02Vulnerability Rating
Apache Log4j has serious remote code execution vulnerability
Vulnerability details Vulnerability PoC Vulnerability EXP Exploitation in the wild
leakHolethinFestival | leakHolePoC | leakHoleEXP | existwildprofituse |
maleopen | maleopen | maleopen | liveexist |
03 Affected versions
Apache Log4j 2.x <= 2.15.0-rc1
04 Safety Advice
1. Upgrade all related applications of Apache Log4j2 to the latest log4j-2.15.0-rc2 version, address: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
2. Upgrade known affected applications and components, such as srping-boot-strater-log4j2/Apache Solr/Apache Flink/Apache Druid
05 Related links:
https://help.aliyun.com/noticelist/articleid/1060971232.html
Original article by AliCloud Security, if reproduced, please refer to the source: https://cncso.com/en/apache-log4j-rce-vulnerability-html