Second Log4j vulnerability discovered, patch already released – ZDNet


The Dutch National Cyber Security Center published a comprehensive list of software affected by the flaw.

Security company ESET, from the United States, published a map of where Log4j exploitation attempts were made; the highest number of attempts was seen in countries including the US, UK, Turkey, Germany, and the Netherlands.

Another vulnerability in Apache Log4j was discovered on Tuesday, after cybersecurity experts had already been working to patch or mitigate CVE-2021-44228.

The description of this new security issue, CVE-2021-45046, says the fix for CVE-2021-44228 in Apache Log4j 2.15.0 was “incomplete for certain configurations that are not default.”

“This could permit the attackers… the ability to design malicious input data by using a JNDI Lookup pattern that could result in a denial-of-service (DoS) threat,” the CVE description states.

Apache has released a patch, Log4j 2.16.0, for this problem. The CVE states that Log4j 2.16.0 solves the issue by removing support for message lookup patterns and disabling JNDI functionality by default. The CVE notes that the issue can be mitigated in earlier versions by removing the JndiLookup class from the classpath.

John Bambenek, principal threat hunter at Netenrich, told ZDNet the best way to solve the problem is to block JNDI functionality completely (which is the default setting in the current version).

“At least a dozen or more groups are exploiting these vulnerabilities, therefore immediate action is required to patch, disable JNDI or remove it from your classpath (preferably each of them),” Bambenek said.
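The three mitigations named above (upgrade to 2.16.0, disable JNDI, or remove JndiLookup from the classpath) can be audited and, for the last one, applied at the jar level. The script below is an added example, not ZDNet's, Netenrich's or Apache's code: it walks a directory tree, reads the log4j-core version from each jar's Maven pom.properties, reports whether JndiLookup.class is still present, and can rewrite a jar without that class. The sample jars it builds for the demo are constructed stand-ins, not real Log4j artifacts; the pom.properties path and the JndiLookup class path are the ones Log4j's Maven build uses, and the "fixed" threshold of 2.16.0 is taken from the article.

```python
"""Audit a directory tree for log4j-core jars and optionally apply the
class-removal mitigation (delete JndiLookup.class from the jar).
Added example; not ZDNet's or Apache's code."""
import os
import shutil
import tempfile
import zipfile

JNDI_LOOKUP_ENTRY = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_VERSION = (2, 16, 0)  # per the article: 2.16.0 fixes CVE-2021-45046


def parse_version(text):
    """Turn '2.14.1' into (2, 14, 1); drop qualifiers such as '-rc1'."""
    core = text.strip().split("-")[0]
    return tuple(int(p) for p in core.split("."))


def log4j_core_version(jar_path):
    """Return the log4j-core version from the jar's Maven metadata, or None."""
    with zipfile.ZipFile(jar_path) as zf:
        if POM_PROPERTIES not in zf.namelist():
            return None
        for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
            key, sep, value = line.partition("=")
            if sep and key.strip() == "version":
                return value.strip()
    return None


def has_jndi_lookup(jar_path):
    """True if the jar still ships the JndiLookup class."""
    with zipfile.ZipFile(jar_path) as zf:
        return JNDI_LOOKUP_ENTRY in zf.namelist()


def assess_jar(jar_path):
    """Classify one jar: 'not-log4j', 'patched', 'mitigated' or 'vulnerable'."""
    version = log4j_core_version(jar_path)
    if version is None:
        return "not-log4j"
    if parse_version(version) >= FIXED_VERSION:
        return "patched"
    return "vulnerable" if has_jndi_lookup(jar_path) else "mitigated"


def strip_jndi_lookup(jar_path):
    """Rewrite the jar without JndiLookup.class (the classpath-removal
    mitigation). Returns True if the class was removed, False if absent."""
    with zipfile.ZipFile(jar_path) as src:
        if JNDI_LOOKUP_ENTRY not in src.namelist():
            return False
        fd, tmp_path = tempfile.mkstemp(suffix=".jar", dir=os.path.dirname(jar_path) or ".")
        os.close(fd)
        with zipfile.ZipFile(tmp_path, "w", zipfile.ZIP_DEFLATED) as dst:
            for item in src.infolist():
                if item.filename != JNDI_LOOKUP_ENTRY:
                    dst.writestr(item, src.read(item.filename))
    shutil.move(tmp_path, jar_path)  # atomically replace the original jar
    return True


def scan_tree(root):
    """Walk a directory and return {jar_path: status} for every .jar found."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                path = os.path.join(dirpath, name)
                try:
                    results[path] = assess_jar(path)
                except zipfile.BadZipFile:
                    results[path] = "unreadable"
    return results


def make_sample_jar(path, version, include_jndi=True):
    """Build a constructed, minimal log4j-core-like jar for demonstration only."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM_PROPERTIES, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_ENTRY, b"\xca\xfe\xba\xbe")  # placeholder, not a real class
        zf.writestr("org/apache/logging/log4j/core/Core.class", b"\xca\xfe\xba\xbe")


if __name__ == "__main__":
    demo = tempfile.mkdtemp()
    make_sample_jar(os.path.join(demo, "log4j-core-2.15.0.jar"), "2.15.0")
    make_sample_jar(os.path.join(demo, "log4j-core-2.16.0.jar"), "2.16.0")
    for jar, status in sorted(scan_tree(demo).items()):
        print(f"{status:10s} {jar}")
        if status == "vulnerable":
            strip_jndi_lookup(jar)
            print(f"{assess_jar(jar):10s} {jar} (after removing JndiLookup.class)")
    shutil.rmtree(demo)
```

Two limits worth knowing when running this against a real host: it does not unpack nested archives (a log4j-core jar inside a .war or .ear is not seen), and it trusts pom.properties, so a repackaged or shaded jar without that file is reported as not-log4j rather than checked for the class.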

The flaw that caused the initial issue in Log4j, a Java library that logs error messages within applications, has been the subject of headlines since the beginning of last week. The flaw was discovered on the 1st of December according to Cloudflare, and an initial warning by CERT New Zealand sparked further alerts from CISA as well as the United Kingdom’s National Cyber Security Centre.
