Description

Log4j Component Introduction
Log4j is a open-source project of Apache By using Log4j, the destination of log transfer can be controlled as console, file, GUI component, and even socket server, NT event logger, UNIX Syslog daemon, etc. The output format of each log can also be controlled. By defining the level of each log, log generation process can be controlled in a more detailed way.

Vulnerability Introduction
Log4j has a remote code execution vulnerability. The cause of this vulnerability is thatSocketServerclass does not perform effective security verification on the data obtained by eavesdropping, but directly deserializes it. Attackers can pass in malicious serialized data to exploit the vulnerability and launch remote code execution attack against the server.

Vulnerability Reproduction
Establish environment of Log4j 1.2.17 and use nc to send malicious serialized data to Log4j open port, as shown below:
Log4j Deserialization Remote Code Execution CVE-2019-17571
Impacts
Affectd Log4j versions:

Impacts: Apache Log4j 1.2.4 - 1.2.17

Timestamp
On Dec 20, 2019, NVD disclosed this vulnerability

On Jan 2, 2020, Sangfor Security Team conducted in-depth analysis on it and release early warning articles and solutions.

Solution

Remediation
1. Update Apache Log4j 2 to the latest version

2. Prohibit exposing socket ports opened by the SocketServer class to the Internet

Sangfor Solution

Sangfor NGAF has updated corresponding security protection feature. Simply turn it on.

Sangfor Cloud WAF has updated database immediately in the cloud. Users can be protected from high risk easily and rapidly without performing any operation.

Sangfor Cyber Command can detect attacks exploiting this vulnerability and perform real-time alert. It can also correlate with Sangfor NGAF to block IP address of attackers.

Listen To This Post

Search

Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

Cyber Security

Expert Tips on How to Improve Your Cyber Defense

Date : 12 Aug 2022
Read Now

Cyber Security

Ransomware Attacks in Asia on the Rise, Are You Next?

Date : 09 Aug 2022
Read Now

Cyber Security

How to Level Up Your Incident Response Plan

Date : 28 Jul 2022
Read Now

See Other Product

Platform-X
SASE Access
Sangfor SSL VPN
Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
icon notification