Millions of Java Apps Remain Vulnerable to Log4Shell

upnorth

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found.

Researchers at security firm Rezilion analyzed the current potential attack surface for the vulnerability in the popular open-source Apache Log4j framework that threatened to break the internet when it was discovered in December. The flaw in the ubiquitous Java logging library Apache Log4j is easily exploitable and can allow unauthenticated remote code execution (RCE) and complete server takeover. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications would already be patched, Head of Vulnerability Research Yotam Perkal wrote in a report published Tuesday. However, their analysis found a very different story, he said. “We learned that the landscape is far from ideal and many applications vulnerable to Log4Shell still exist in the wild,” Perkal wrote in the report.
Many applications are still using Log4J version 1.x and likely aren’t patched because the original Log4Shell vulnerability, tracked as CVE-2021-44228, doesn’t apply to this version, researchers noted. However, this is a misconception as that version has been “in an end-of-life state since August 2015 (which means it does not get any security updates), and contains plenty of other vulnerabilities, including RCE vulnerabilities,” Perkal noted. “This should definitely worry organizations that are still using it,” he wrote.
Perhaps most worrying about the vulnerable attack surface is that Log4Shell remains a hot target for threat actors, researchers noted. Indeed, attackers immediately set upon the bug once it was discovered—already under active exploitation—and haven’t let up much since. While Apache released a patch for Log4Shell within a day of discovery, it, too, had issues that could lead to DoS attacks—and apparently still hasn’t been applied in many cases.
 
