Log4j Component Introduction
Log4j is an open-source project of Apache. By using Log4j, the destination of log output can be set to the console, a file, a GUI component, or even a socket server, the NT event logger, a UNIX Syslog daemon, etc. The output format of each log can also be controlled. By defining the level of each log, the log generation process can be controlled in finer detail.

Vulnerability Introduction
Log4j has a remote code execution vulnerability. The cause of this vulnerability is that the SocketServer class does not perform effective security verification on the data it receives while listening, but directly deserializes it. Attackers can pass in malicious serialized data to exploit the vulnerability and launch a remote code execution attack against the server.

Vulnerability Reproduction
Set up a Log4j 1.2.17 environment and use nc to send malicious serialized data to the port Log4j has opened, as shown below:
Log4j Deserialization Remote Code Execution CVE-2019-17571
Affected Log4j versions:

Impacts: Apache Log4j 1.2.4 - 1.2.17

On Dec 20, 2019, NVD disclosed this vulnerability.

On Jan 2, 2020, Sangfor Security Team conducted in-depth analysis on it and released early warning articles and solutions.


1. Update Apache Log4j 2 to the latest version

2. Prohibit exposing socket ports opened by the SocketServer class to the Internet

Sangfor Solution

Sangfor NGAF has updated the corresponding security protection feature. Simply turn it on.

Sangfor Cloud WAF has updated its database immediately in the cloud. Users can be protected from high risk easily and rapidly without performing any operation.

Sangfor Cyber Command can detect attacks exploiting this vulnerability and raise real-time alerts. It can also correlate with Sangfor NGAF to block the IP addresses of attackers.
