AhnLab recommends applying the security updates for the Apache Log4j vulnerabilities.
Vulnerability
- Remote code execution vulnerability (CVE-2021-44228, CVSS 10.0) in Log4j 2.x that an attacker can trigger via a log message [1]
- Denial of Service vulnerability (CVE-2021-45046, CVSS 3.7) in Log4j 2.x that an attacker can trigger via a log message [2]
- Remote code execution vulnerability (CVE-2021-4104) in Log4j 1.2.x that an attacker can trigger via a log message [3]
Versions Affected by Vulnerability
- CVE-2021-44228 – Apache Log4j 2.0-beta9 to 2.14.1 (excluding Log4j 2.12.2)
- CVE-2021-45046 – Apache Log4j 2.0-beta9 to 2.12 and 2.15.0
- CVE-2021-4104 – Apache Log4j 1.2.x
(Note) CVE-2021-45046 occurs when a Context Lookup or Thread Context Lookup pattern is used in the Pattern Layout in Log4j 2.x.
(Note) CVE-2021-4104 occurs when the JMSAppender feature is used in Log4j 1.2.x.
CVE-2021-44228 is the most critical of these (CVSS 10.0) and requires an immediate update. Users are advised to check whether the systems they operate contain vulnerable Log4j Core libraries. The list below shows the files, with their MD5 hashes, for each Log4j Core version affected by CVE-2021-44228. The hash for a given version may differ if Log4j was built manually from source in an individual environment.
Reference [1] https://archive.apache.org/dist/logging/log4j/
Reference [2] https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-core/
As Log4j is a common open-source logging library used to write logs in Java-based environments, it is used by the majority of users. Yet according to research by the ASEC analysis team on client environments, a number of users still run the vulnerable Log4j Core without the security update, despite the critical security vulnerability. They include externally accessible servers as well as application and framework environments used by individuals, as in the following paths:
- C:\ghidra\Ghidra\Framework\Generic\lib\log4j-core-2.12.1.jar
- C:\Users\<user name>\AppData\Roaming\.minecraft\libraries\org\apache\logging\log4j\log4j-core\2.14.1\log4j-core-2.14.1.jar
- C:\eGovFrame-3.6.0\maven\repository\org\apache\logging\log4j\log4j-core\2.1\log4j-core-2.1.jar
- C:\Apache Software Foundation\Tomcat 8.5\webapps\ROOT_210928\WEB-INF\lib\log4j-core-2.8.2.jar
- D:\<*****>_erp_server\<***>ERP_<*****>\webapps\ROOT\WEB-INF\lib\log4j-core-2.10.0.jar
- C:\Users\USER\AppData\Local\MapTool\app\log4j-core-2.13.0.jar
- C:\<user name>\Teamcenter13\tccs\third_party\TcSS\TcSS13.3\jars\log4j-core-2.14.0.jar
- \\<Private Server>\..\..\..\…\<***>project\workspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp0\wtpwebapps\<***>project\WEB-INF\lib\log4j-core-2.11.2.jar
- \Users\<user name>\eclipse-server\<*********>\WebContent\WEB-INF\lib\log4j-core-2.11.1.jar
Users should check whether the applications and frameworks they use include vulnerable Log4j Core libraries. If a vulnerable version is found, they are advised to apply the security update.
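One way to run this check when hashes cannot be relied on (for example, manually built JARs), as an added example that is not AhnLab's code: it reads the version from the JAR's Maven metadata or, failing that, its file name, and applies the CVE-2021-44228 range stated on this page. The function names, the `pom.properties` lookup and the "unknown" status are assumptions of this sketch; backport releases published after the advisory and JARs nested inside other archives are not handled.

```python
import os, re, sys, zipfile

# Maven metadata inside the JAR (assumption: a Maven-built log4j-core artifact).
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
STAGES = {"alpha": 0, "beta": 1, "rc": 2, None: 3}   # a final release sorts last

def version_key(version):
    """'2.14.1' or '2.0-beta9' -> sortable tuple, or None if unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?", version)
    if not m:
        return None
    major, minor, patch, stage, n = m.groups()
    return (int(major), int(minor), int(patch or 0), STAGES[stage], int(n or 0))

def status_for_cve_2021_44228(version):
    """Range from the advisory: 2.0-beta9 to 2.14.1, excluding 2.12.2."""
    key = version_key(version or "")
    if key is None:
        return "unknown"
    in_range = version_key("2.0-beta9") <= key <= version_key("2.14.1")
    return "affected" if in_range and version != "2.12.2" else "not affected"

def jar_version(path):
    """Prefer the version recorded inside the JAR; fall back to the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            if POM_PROPS in jar.namelist():
                props = jar.read(POM_PROPS).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    return m.group(1).strip()
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable archive: the file name is all we have
    m = re.search(r"log4j-core-(\d[\w.\-]*)\.jar$", os.path.basename(path), re.I)
    return m.group(1) if m else None

def scan(root):
    """Return sorted (path, version, status) for each log4j-core JAR under root."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in (f for f in files if f.lower().endswith(".jar")):
            path = os.path.join(folder, name)
            version = jar_version(path)
            if version or "log4j-core" in name.lower():  # also catches renamed JARs
                hits.append((path, version, status_for_cve_2021_44228(version)))
    return sorted(hits)

if __name__ == "__main__":  # usage: python scan_log4j.py <directory>
    for path, version, status in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{status:12} {version or '?':10} {path}")
```

A JAR reported as "unknown" has a version string the parser does not recognise and should be inspected by hand.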
The post [Notice] Log4j Affected by Apache Log4j Vulnerability CVE-2021-44228 appeared first on ASEC BLOG.