The Log4Shell exploit gives attackers a simple way to execute code on any vulnerable machine. CVE-2021-45046, the second version of the vulnerability, emerges from the incomplete patch for CVE-2021-44228: attackers can craft malicious input data using a JNDI Lookup pattern, resulting in a denial-of-service (DoS) attack. CVE-2021-45046 is rated 9.0 (critical) on the CVSS scale.
CVE-2021-45105, the third version of the vulnerability, emerges when an attacker controls Thread Context Map (MDC) input data and can craft malicious input that contains a recursive lookup, causing a denial of service. CVE-2021-45105 is rated 7.5 (high) on the CVSS scale.
CVE-2021-4104, the fourth version of the vulnerability, emerges when the attacker has write access to a Log4j configuration that uses JMSAppender, which is vulnerable to deserialization of untrusted data. CVE-2021-4104 is rated 8.1 (high) on the CVSS scale.
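The configuration preconditions named above (a JMSAppender for CVE-2021-4104, lookups over Thread Context Map data for CVE-2021-45046 and CVE-2021-45105) can be audited directly in Log4j configuration files. The following is an added example, not code from this page or from Qualys: the matched patterns follow the Apache Log4j advisories, and the function name and sample configurations are constructed for illustration.

```python
import re

# Settings that are preconditions for the CVEs above. The patterns are taken
# from the Apache Log4j advisories (an assumption; they are not on this page).
CHECKS = [
    (re.compile(r"org\.apache\.log4j\.net\.JMSAppender"),
     "CVE-2021-4104", "Log4j 1.x JMSAppender is configured"),
    # ${ctx:...} / $${ctx:...}; the same setting is also a precondition for CVE-2021-45046
    (re.compile(r"\${1,2}\{ctx:[^}]*\}"),
     "CVE-2021-45105", "Context Lookup reads Thread Context Map (MDC) data"),
    (re.compile(r"%(?:X|mdc|MDC)\b"),
     "CVE-2021-45046", "Thread Context Map pattern in a Pattern Layout"),
]

def audit_log4j_config(text):
    """Return (line_no, cve, reason) for each risky setting in a Log4j config."""
    # Blank out XML comments but keep their newlines so line numbers stay right.
    text = re.sub(r"<!--.*?-->", lambda m: "\n" * m.group(0).count("\n"),
                  text, flags=re.S)
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith(("#", "!")):  # .properties comment lines
            continue
        for pattern, cve, reason in CHECKS:
            if pattern.search(line):
                findings.append((line_no, cve, reason))
    return findings

# Constructed sample inputs (not taken from a real deployment).
SAMPLE_PROPERTIES = """\
log4j.rootLogger=INFO, jms
# log4j.appender.old=org.apache.log4j.net.JMSAppender
log4j.appender.jms=org.apache.log4j.net.JMSAppender
"""
SAMPLE_XML = """\
<Configuration>
  <!-- <PatternLayout pattern="%X{user} %m%n"/> -->
  <Appenders>
    <Console name="out">
      <PatternLayout pattern="$${ctx:loginId} %d %m%n"/>
    </Console>
  </Appenders>
</Configuration>
"""

if __name__ == "__main__":
    for name, cfg in (("properties", SAMPLE_PROPERTIES), ("xml", SAMPLE_XML)):
        for line_no, cve, reason in audit_log4j_config(cfg):
            print(f"{name}:{line_no}: {cve}: {reason}")
```

A finding marks a configuration that meets the precondition, not a confirmed vulnerable host; the Log4j version in use still has to be checked.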
CD Bytes! As a trusted Qualys partner, Cloud Destinations helps organizations quickly detect and remediate Log4j vulnerabilities with its advanced out-of-band detection mechanisms. Qualys is also continuously updating its platform to accurately detect applications vulnerable to Log4Shell. For more information and engagement, please refer to https://clouddestinations.com and write to firstname.lastname@example.org