StackHawk Documentation

Log4Shell (CVE-2021-44228)

Reference
Plugin ID: 40043 | CWE: 117 | Severity: High | Scan type: Active | Category: Command Injection

Remediation

The Log4Shell vulnerability is fixed by upgrading the Log4j2 library to version 2.17.0 or higher. If the library has already been upgraded, the JNDI lookup feature may have been re-enabled explicitly by setting the system property log4j2.enableJndiLookup=true; removing that setting leaves up-to-date versions correctly configured. Ultimately, this is an input sanitization issue: never trust user-supplied input.
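The remediation above has two checkable conditions: the log4j-core version on the classpath, and whether the JVM re-enables JNDI lookups through the system property. The script below is an added example (not StackHawk's code and not part of this page) that audits both from a constructed classpath listing and JVM argument string; the sample jar paths and arguments are made up for illustration.

```python
"""Audit a Java service for the two Log4Shell remediation conditions:
a log4j-core jar below 2.17.0 on the classpath, and the JNDI lookup
feature re-enabled via -Dlog4j2.enableJndiLookup=true.
Added example; the sample inputs below are constructed, not real."""
import re
from typing import List, Optional, Tuple

# Minimum fixed version named in the remediation text.
FIXED_VERSION: Tuple[int, int, int] = (2, 17, 0)

# Matches release jars such as log4j-core-2.14.1.jar (pre-release names
# like 2.0-beta9 are deliberately not matched and should be reviewed by hand).
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")


def parse_log4j_core_version(jar_path: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a log4j-core jar, or None for any
    other jar (log4j-api, application jars, and so on)."""
    m = JAR_RE.search(jar_path)
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def jndi_lookup_enabled(jvm_args: str) -> bool:
    """True when the JVM command line sets log4j2.enableJndiLookup=true.
    Any other value (or absence of the property) keeps the safe default."""
    for token in jvm_args.split():
        if token.startswith("-Dlog4j2.enableJndiLookup="):
            return token.split("=", 1)[1].strip().lower() == "true"
    return False


def audit(classpath: List[str], jvm_args: str) -> List[str]:
    """Return a list of findings; an empty list means nothing to remediate."""
    findings: List[str] = []
    for jar in classpath:
        version = parse_log4j_core_version(jar)
        if version is not None and version < FIXED_VERSION:
            findings.append(
                f"{jar}: log4j-core {'.'.join(map(str, version))} "
                f"is below 2.17.0; upgrade the library"
            )
    if jndi_lookup_enabled(jvm_args):
        findings.append(
            "JVM sets -Dlog4j2.enableJndiLookup=true; remove this property"
        )
    return findings


# Constructed sample input: one stale jar plus the re-enabling property.
SAMPLE_CLASSPATH = [
    "lib/app-service-1.3.0.jar",
    "lib/log4j-api-2.14.1.jar",
    "lib/log4j-core-2.14.1.jar",
]
SAMPLE_JVM_ARGS = "-Xmx2g -Dlog4j2.enableJndiLookup=true -Dfile.encoding=UTF-8"

if __name__ == "__main__":
    for finding in audit(SAMPLE_CLASSPATH, SAMPLE_JVM_ARGS):
        print(finding)
```

In practice the classpath list would come from the deployed artifact (for example a `jar tf` listing of a fat jar or the contents of a `lib/` directory) and the JVM arguments from the service's launch script or process command line; shaded or renamed copies of log4j-core will not be caught by the filename check and need a separate software-composition check.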

About

Apache Log4j2 versions 2.14.1 and earlier have a vulnerability (CVE-2021-44228) in their use of JNDI features in configuration, log messages, and parameters. It allows an attacker to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled and the attacker can control log messages or log message parameters. Starting with Log4j version 2.15.0, this behavior is disabled by default.

Risks

Exploiting the Log4Shell vulnerability puts the affected application server at serious risk: an attacker can use it to download and run malware on the server. The potential impact includes the installation of remote access tools, bitcoin miners, crypto lockers, Minecraft servers, and other malicious software.

Resources

https://www.stackhawk.com/blog/log4shell-issue-overview-and-stackhawk-response-to-log4j-remote-code/
https://logging.apache.org/log4j/2.x/
