12月9日晚,互联网上公开了Apache log4j2的一个严重级别的远程代码执行漏洞。由于Apache log4j2某些功能存在递归解析功能,攻击者可直接构造恶意请求触发远程代码执行漏洞,而无需特殊配置。Apache Struts2、Apache Solr、Apache Druid、Apache Flink等均受此漏洞影响。鉴于该框架应用范围极广,且漏洞利用代码已在互联网上公开,请各单位及时采取有效防护措施,防止安全事件发生。
一、漏洞描述
Apache log4j2是一款优秀的Java日志框架。该日志框架被大量用于业务系统开发时记录日志信息。大多数情况下,开发者可能会将用户输入导致的错误信息写入日志中。但由于Apache log4j2中的某些功能允许进行递归解析,攻击者可以构造恶意代码,触发错误并将恶意代码作为错误信息写入日志,进而利用递归解析执行。该漏洞对当前几乎全部的Apache log4j2版本生效,且无需系统进行任何特殊配置,威胁性极高。
二、漏洞影响版本
Apache Log4j 2.x < 2.15.0-rc2
三、检测方法与修复建议
检测方法
排查Java应用是否存在引入log4j-api、log4j-core的情况。若存在引入,则大概率存在漏洞。漏洞本地验证POC参考地址如下:
https://github.com/tangxiaofeng7/apache-log4j-poc
修复建议
1.及时更新补丁。在漏洞曝出后,Apache官方公开了修复补丁2.15.0-rc1,但该补丁只修复了ldap利用方式,未修复rmi利用方式,不可用;后续官方再次公开修复补丁2.15.0-rc2,修复后目前无直接利用方式,但疑似未完全完成修复。采用此方法进行修复时,请后续跟进官方的相应更新进展。
补丁下载地址:
https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
2.在因故不能更新版本的情况下,需采用各种临时防护措施进行加固:
(1)修改jvm参数 -Dlog4j2.formatMsgNoLookups=true
(2)在应用classpath下添加 log4j2.component.properties 配置文件,其内容为log4j2.formatMsgNoLookups=true
(3)将系统环境变量
FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS
设置为true
3.该漏洞公开的验证脚本中,均以dnslog.cn等部分dnslog平台作为命令执行情况验证。对于非许可范围内的访问情况提高风险防控意识。部分公共dnslog平台域名列举如下:
ceye.io
dnslog.link
dnslog.cn
dnslog.io
tu4.org
awvsscan119.autoverify.cn
burpcollaborator.net
s0x.cn
发布者:小站,转转请注明出处:http://blog.gzcity.top/4769.html
微信扫一扫 
支付宝扫一扫 
评论列表(12条)
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me? https://accounts.binance.com/ar/register-person?ref=V2H9AFPY
关于Apache log4j存在远程代码执行漏洞的预警_红孩笔记
https://beanopini.com.au/oregano-5-x-38g_shop/
关于Apache log4j存在远程代码执行漏洞的预警_红孩笔记
https://victorymarine.co.uk/web-design-trends-for-2020/
关于Apache log4j存在远程代码执行漏洞的预警_红孩笔记
https://discount-senegal.com/boutique/maison-et-deco/bianca-chambre-a-coucher-litarmoire2-chevets-coiffeuse/
关于Apache log4j存在远程代码执行漏洞的预警_红孩笔记
https://www.davidstreetproductions.com/uncategorized/hello-world/
Thanks for sharing. I read many of your blog posts, cool, your blog is very good.
McMahon CJ, Pignatelli RH, Nagueh SF, et al priligy side effects In some cases, radiation therapy may cause a decrease in the type of blood cells that help protect the body against infection, bleeding and anemia
Can you be more specific about the content of your article? After reading it, I still have some doubts. Hope you can help me.
International Patients Clinical Trials [url=https://fastpriligy.top/]priligy and viagra[/url] 14 cases and thrombotic events 99 vs
BWER is Iraq’s go-to provider for weighbridges, ensuring durability, accuracy, and cost-efficiency in all weighing solutions, backed by exceptional customer support and maintenance services.
Frank RD, Lanzmich R, Haager PK, Budde U should i take 1mg or 5mg of propecia The authors concluded that the use of GnRH- ant during natural IVF cycles can be an optional treatment in poor responders
关于Apache log4j存在远程代码执行漏洞的预警_红孩笔记
https://dawnhigher.be/you-broke-my-heart-you-broke-my-heart/