forked from p15670423/monkey
Docs: Some small tweaks to the Log4Shell documentation
This commit is contained in:
parent
a7b31dd9e4
commit
29ea2a961c
|
@ -5,20 +5,33 @@ draft: false
|
||||||
tags: ["exploit", "linux", "windows"]
|
tags: ["exploit", "linux", "windows"]
|
||||||
---
|
---
|
||||||
|
|
||||||
The Log4Shell exploiter exploits [CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228).
|
The Log4Shell exploiter exploits
|
||||||
|
[CVE-2021-44228](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228).
|
||||||
|
|
||||||
|
|
||||||
### Description
|
### Description
|
||||||
|
|
||||||
Some versions of Apache Log4j, a Java logging framework, have a logging feature called “Message Lookup Substitution” enabled by default. This allows replacing certain special strings by dynamically-generated strings at the time of logging. If log messages or log message parameters can be controlled by an attacker, arbitrary code can be executed. The Log4Shell exploiter takes advantage of this vulnerability to propagate to a victim machine.
|
Some versions of Apache Log4j, a Java logging framework, have a logging feature
|
||||||
|
called "Message Lookup Substitution" enabled by default. This allows replacing
|
||||||
|
certain special strings by dynamically-generated strings at the time of
|
||||||
|
logging. If log messages or log message parameters can be controlled by an
|
||||||
|
attacker, arbitrary code can be executed. The Log4Shell exploiter takes
|
||||||
|
advantage of this vulnerability to propagate to a victim machine.
|
||||||
|
|
||||||
To learn about the appropriate mitigations and read more, click [here](https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0_.28Java_8.29).
|
You can learn more about this vulnerability and potential mitigations
|
||||||
|
[here](https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0_.28Java_8.29).
|
||||||
|
|
||||||
|
|
||||||
### Services exploited
|
### Services exploited
|
||||||
|
|
||||||
The following services are attempted to be exploited:
|
The Infection Monkey will attempt to exploit the Log4Shell vulnerability in the
|
||||||
|
following services:
|
||||||
|
|
||||||
- Apache Solr
|
- Apache Solr
|
||||||
- Apache Tomcat
|
- Apache Tomcat
|
||||||
- Logstash
|
- Logstash
|
||||||
|
|
||||||
|
**Note**: Even if none of these services are running in your environment,
|
||||||
|
running the Log4Shell exploiter can be a good way to test your IDS/IPS or EDR
|
||||||
|
solutions. These solutions should detect that the Infection Monkey is attempting
|
||||||
|
to exploit the Log4Shell vulnerability and raise an appropriate alert.
|
||||||
|
|
Loading…
Reference in New Issue