[內容說明:] 轉發 數聯資安(ISSDU)情資編號:ISSDU-ANA-202112-0002由於許多知名的大型應用系統如推特、iCloud、Minecraft等都使用了Log4j,且這項漏洞極為容易被利用,Apache Log4j 2是基於Java的日誌框架,近日他們發布了新版本2.15.0,當中修補了一項遠端程式碼執行漏洞, 情資分享等級: WHITE(情資內容為可公開揭露之資訊) |
[影響平台:] Apache Log4j 2.15.0 版本之前的任何版本 |
[建議措施:] 此問題已在 Log4J v2.15.0 中修復。Apache 日誌服務團隊提供以下緩解建議:在以前的版本中,可以通過將系統屬性log4j2.formatMsgNoLookups設置為TRUE或從類路徑中刪除 JndiLookup 類來緩解這種行為如果無法升級,請確保在客戶端和服務器端組件上都將參數Dlog4j2.formatMsgNoLookups設置為TRUE。目前已有資安設備廠商已釋出相關攻擊特徵,分別有以下列表,建議擁有這些資安設備,將該特徵設定為阻擋,以避免遭外部攻擊者成功入侵Checkpoint:Apache Log4j Remote Code Execution (CVE-2021-44228)Deep Security:Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)Fidelis:FSS_CVE-2021-44228 - Apache Log4j Inject RequestFirepower:SERVER-OTHER Apache Log4j logging remote code execution attemptSERVER-APACHE Apache Log4j2 CVE- 2021-44228 Remote Code Execution VulnerabilityFortigate:Apache.Log4j.Error.Log.Remote.Code.ExecutionPalo Alto:Apache Log4j Remote Code Execution VulnerabilityMcafee:UDS-HTTP: Apache Log4j2 Remote Code Execution VulnerabilityHTTP: Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)TippingPoint:HTTP: JNDI Injection in HTTP RequestIBM:HTTP_Log4J_JndiLdap_ExecDDI: HTTP_POSSIBLE_USERAGENT_RCE_EXPLOIT_REQUESTCVE-2021-44228 - OGNL EXPLOIT - HTTP(REQUEST)POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT - HTTP(REQUEST)POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT - HTTP (REQUEST) - Variant 2Sophos:SERVER-OTHER Apache Log4j logging remote code execution attemptSERVER-APACHE Apache Log4j2 CVE- 2021-44228 Remote Code Execution Vulnerability |
[參考資料:] |