
Anxinsec can help you prevent Apache Log4j vulnerabilities without an extra upgrade

December 10, 2021

A severe remote code execution (RCE) vulnerability was disclosed on the internet yesterday, affecting the widely used Apache Log4j Java-based logging library. This vulnerability (tracked as CVE-2021-44228), also known as Log4Shell, could be weaponized to execute malicious code and allow a complete takeover of vulnerable systems. The bug has scored a perfect 10 out of 10 in the CVSS rating system, indicative of the severity of the issue.

Researchers from Anxinsec reproduced the Log4Shell exploit and proved that the webshell protection module in our memory protection system can successfully detect it without any extra upgrade.

Figure 1: Anxinsec's real-time detection discovered this attack

Figure 2: Details of this attack

Attack details

A flaw in the Log4j logger allows threat actors who can control log messages or log message parameters to inject a malicious string, triggering the bug, executing arbitrary code, and then taking over the victim system.

Impacted versions include Apache Log4j2 2.0 to 2.14.1.

Other solutions

We suggest that users who are not protected by Anxinsec's memory protection system check the version of Log4j2 their organizations use and update to the safe version, Log4j-2.15.0-rc2.

Download link: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
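One way to carry out the version check suggested above, as an added example (not code from Anxinsec or the Log4j project): it walks a directory, opens every Java archive including archives nested inside it, reads the version from log4j-core's Maven metadata, and flags versions in the 2.0 to 2.14.1 range stated on this page. The function names are hypothetical, and it assumes the archive still carries the `pom.properties` file that log4j-core jars ship with.

```python
import io
import re
import sys
import zipfile
from pathlib import Path

# Maven metadata that log4j-core ships inside its jar; it survives renaming of the jar file.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.15.0-rc2' -> (2, 15, 0); '2.0-beta9' -> (2, 0, 0)."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_impacted(version):
    # Range as stated on the page: Apache Log4j2 2.0 to 2.14.1 (inclusive).
    return (2, 0, 0) <= parse_version(version) <= (2, 14, 1)

def log4j_versions(data, label, depth=0):
    """Yield (location, version) for every log4j-core in an archive, nested archives included."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it rather than abort the scan
    with zf:
        for name in zf.namelist():
            if name == POM:
                m = re.search(r"^version=(.+)$", zf.read(name).decode("utf-8", "replace"), re.M)
                if m:
                    yield label, m.group(1).strip()
            elif name.lower().endswith(ARCHIVES) and depth < 4:  # e.g. BOOT-INF/lib/*.jar
                yield from log4j_versions(zf.read(name), f"{label}!/{name}", depth + 1)

def scan(root):
    """Return [(location, version, impacted)] for all archives under root."""
    found = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVES:
            for loc, ver in log4j_versions(path.read_bytes(), str(path)):
                found.append((loc, ver, is_impacted(ver)))
    return found

if __name__ == "__main__":
    for loc, ver, bad in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{'IMPACTED' if bad else 'ok':9} log4j-core {ver:12} {loc}")
```

Run it with the application or server directory as the only argument. A repackaged build that strips the Maven metadata will not be reported, so an empty result is not proof that Log4j2 is absent.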

To sum up

Anxinsec's memory protection system has proven effective at defending against this kind of threat in real time without any upgrade. We can save you from a disaster without any patches.
