Log4j :-
Log4j is a popular logging framework used in Java applications. It provides a flexible and configurable way to log messages and events, which aids in debugging, troubleshooting and auditing.
-- Log4j records important information like error messages and user inputs in a program.
-- It is an open-source software library, a package of prewritten code that developers can freely use.
Log4Shell :-
The Log4j vulnerability, also known as Log4Shell, is a critical vulnerability discovered in the Apache Log4j logging library in November 2021.
-- It is a remote code execution (RCE) vulnerability present in some versions of Log4j.
-- It is a zero-day vulnerability, meaning no patch was available when it was discovered. Threat actors might use Log4Shell while Apache was working on a fix.
-- The flaw affects Apache Log4J2 versions <= 2.14.1 and >= Log4J 2.15
-- All versions of Log4J1 are unaffected.
Impact of Log4Shell :-
Log4J is also one of the most widely used logging libraries, built into consumer endpoints, web applications and enterprise cloud services. According to Wiz, 93% of all cloud environments were at risk when Log4Shell was discovered.
Hackers need no special permissions or authentication. They can wreak havoc by typing malicious commands into public forms like chat boxes and login pages. And because Log4J can communicate with other services on the same system, hackers can use Log4J to pass payloads to other parts of the system.
Response to Log4Shell :-
-- Apache rolled out the first patch, V2.15.0, on 10 December 2021. This exposed CVE-2021-45046, which allowed hackers to send malicious commands to logs with certain non-default settings.
-- The second patch, V2.16.0, followed on 14 December 2021. This exposed CVE-2021-45105, which allowed hackers to start denial-of-service attacks.
-- The third patch, V2.17.0, exposed CVE-2021-44832, which allowed hackers to seize control of a Log4J component called an "appender" to run remote code.
-- This was fixed with the final patch, V2.17.1.
Persistence of Log4Shell :-
-- While Log4J 2.17.1 closed Log4Shell and all its related vulnerabilities on Apache's end, threat actors still use the flaw.
-- As recently as May 2023, Log4Shell remained one of the most commonly used vulnerabilities.
-- Hackers developed a savvy way to cover their tracks. According to CISA, some use Log4Shell to break into a network and then patch the asset. Users think it is safe, but the hackers are already in.
Mitigation and Remediation :-
-- The latest versions of Log4j are free of Log4Shell. Experts recommend making sure that all instances of Log4j in systems are current.
-- Updating Log4J can be a slow-going process, as companies often need to dig deep into their assets to find it.
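Added example (not from the original notes): one way to do the "dig deep" inventory step is to search every archive, including archives nested inside WAR/EAR/fat JAR files, for copies of Log4j 2 and compare each version with 2.17.1, the final patch named above. It assumes the Log4j 2 library ships as the Maven artifact `log4j-core` with its usual `pom.properties` metadata; the function names and the sample files built in `demo()` are constructed for illustration.

```python
import io, re, tempfile, zipfile
from pathlib import Path

FIXED = (2, 17, 1)  # the final patch named in these notes
# Assumption: Maven metadata that log4j-core carries, even inside a renamed or merged JAR
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
NAME = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")
ARCHIVES = (".jar", ".war", ".ear", ".zip")

def _ver(match):
    return tuple(int(g or 0) for g in match.groups()) if match else None

def scan_archive(label, data, depth=0):
    """Yield (location, version) for each log4j-core copy, following nested archives."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        zf = None  # unreadable archive: only the file name can be checked
    found = _ver(NAME.search(label))
    if zf is not None and POM in zf.namelist():  # metadata beats the file name
        text = zf.read(POM).decode("utf-8", "replace")
        found = _ver(re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)) or found
    if found:
        yield label, found
    if zf is not None and depth < 4:  # depth limit guards against recursive archives
        for entry in zf.namelist():
            if entry.lower().endswith(ARCHIVES):
                yield from scan_archive(f"{label}!{entry}", zf.read(entry), depth + 1)

def find_log4j(root):
    """Return sorted (location, version, patched) for every archive under root."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            for loc, ver in scan_archive(str(path.relative_to(root)), path.read_bytes()):
                hits.append((loc, ver, ver >= FIXED))
    return sorted(hits)

def demo():
    """Constructed sample: a WAR bundling a renamed old copy, plus a patched JAR."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(POM, "groupId=org.apache.logging.log4j\nversion=2.14.1\n")
    with tempfile.TemporaryDirectory() as root:
        with zipfile.ZipFile(Path(root, "shop.war"), "w") as z:
            z.writestr("WEB-INF/lib/logging.jar", inner.getvalue())  # renamed copy
        with zipfile.ZipFile(Path(root, "log4j-core-2.17.1.jar"), "w") as z:
            z.writestr("README", "constructed placeholder")
        return find_log4j(root)
```

Calling `find_log4j("/path/to/apps")` on a real directory returns the same tuples; any entry whose last field is `False` is a copy older than 2.17.1, even when it is buried inside another archive under a different file name.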