Last night there was a Apache Log4j2 High risk vulnerabilities have been exposed , This remote code execution vulnerability is an epic vulnerability .

Apache Log4j2 How many companies are using this component , I don't need to say more about this , There are too many . I don't know how many programmers got up in the middle of the night last night to change their code ？

The official expression of the vulnerability principle is ：Apache Log4j2 in JNDI Inject holes , When the program logs the data entered by the user , This vulnerability can be triggered , Successful exploitation of this vulnerability can execute arbitrary code on the target server .

To put it simply, it means ： When printing logs , If your blog contains keywords  ${ , The attacker can replace the content contained in the keyword as a variable with any attack command , And perform .

Vulnerability detection scheme

1、 Monitor whether there is relevant information through flow monitoring equipment DNSLog Domain name request

2、 By monitoring whether there is... In the relevant logs “jndi:ldap://”、“jndi:rmi” Wait for characters to find possible attacks .

Bug fixes

Apache The official has released a test patch , The successful users should upgrade the latest security version ,

Patch download ：https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc1

Encounter such a wide range of vulnerabilities , For white hat, it's Chinese New Year . Batch brush vulnerability 、 Batch submission vulnerability , Party a SRC The bosses hurry to hand in the rice , This wave is enough to eat for half a year ～～

It's already coming out of the circle , The next hole to feed safety engineers is log4j ！

But just when everyone was ready to submit vulnerabilities , Suddenly found this loophole, people won't accept it ！

Wanting is also , This loophole has been made public , Isn't it a waste of your budget to let everyone submit it like this .

source ：
https://mp.weixin.qq.com/s/k2LeP612Hdmvyi6LS1qX-g