Everything you need to know about the Log4j vulnerability

Over the weekend, a critical security vulnerability was found in server software that is widely used around the world, and it could have dire consequences for users.

The case is so serious, in fact, that the German Federal Office for Information Security (BSI) raised the warning level from “orange” to “red” – a clear sign of how serious the situation really is.

What exactly is the Log4j vulnerability?

The source of the vulnerability is a Java library called Log4j, which can be used to log and record application messages. In addition to logging, Log4j has various mechanisms for interpreting transmitted strings. The disclosed vulnerability in Log4j allows an attacker to exploit this mechanism to execute commands from an external system.

In other words, an attacker exploits the vulnerability by sending a string that instructs the server to contact a system under the attacker's control and load malicious Java code from there. In extreme cases, this would mean that the server could be completely taken over and the actual owner locked out. An absolute disaster scenario.

Who is affected by the Log4j vulnerability?

In theory, anyone who runs a Java server application that includes Log4j as a library in a version from 2.0 to 2.14.1 is affected. It is therefore strongly recommended to update to the current version 2.16.0.
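To find out which deployed archives fall into that range, the following added example (not code from Link11 or the Log4j project) walks a directory tree, opens every JAR/WAR/EAR including archives nested inside application bundles, and reads the log4j-core version from its Maven metadata. It assumes the archive still carries its `pom.properties` file; the function names are hypothetical, and the version range is the one stated in this article.

```python
import io
import re
import zipfile
from pathlib import Path

# Affected range as stated in the article: 2.0 up to and including 2.14.1.
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 0), (2, 14, 1)
# Maven metadata shipped inside log4j-core; usually survives file renaming.
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")


def is_affected(version):
    """True if version is in the article's range; '-beta9' style suffixes are ignored."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        return False
    v = tuple(int(p) for p in m.group().split("."))
    v += (0,) * (3 - len(v))  # pad so 2.0 compares as 2.0.0
    return AFFECTED_MIN <= v <= AFFECTED_MAX


def find_log4j(jar, label):
    """Yield (location, version) for log4j-core in an archive and its nested archives."""
    try:
        with zipfile.ZipFile(jar) as zf:
            names = zf.namelist()
            if POM in names:
                props = zf.read(POM).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                if m:
                    yield label, m.group(1).strip()
            for n in names:
                if n.lower().endswith(ARCHIVES):
                    yield from find_log4j(io.BytesIO(zf.read(n)), f"{label}!{n}")
    except zipfile.BadZipFile:
        return  # unreadable or truncated archive: skip it


def scan(root):
    """Return sorted (location, version, affected) for every archive under root."""
    hits = []
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVES:
            hits += [(loc, v, is_affected(v)) for loc, v in find_log4j(p, str(p))]
    return sorted(hits)
```

Calling `scan("/path/to/apps")` returns one tuple per log4j-core copy found; every entry whose third field is `True` should be updated to 2.16.0 as recommended above.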

A growing list of companies and public entities is impacted by this exploit, including Apple, Tencent, Twitter, Baidu, Steam, Minecraft, Cloudflare, Amazon, Tesla, Palo Alto Networks, IBM, Pulse Secure, Ghidra, ElasticSearch, Apache, Google, Webex, LinkedIn, Cisco and VMware. The impact also goes much further than large corporations: any service that logs user-controlled strings (user agents, referrers, etc.) is vulnerable to this exploit.

Server compromises have already been reported to the BSI, and initial estimates suggest that it will not stop there. “Mass scans” have already been detected worldwide, indicating that attackers are on the lookout for potential targets. However, according to the BSI, it is still far too early for a comprehensive assessment, as the full extent of the situation is not yet clear.

Can Link11 protect me from the Log4j vulnerability?

Link11’s systems and services are not affected by the current situation, as we do not work with the corresponding Java library ourselves. If our security solutions had been compromised, we would have reacted immediately with a software update to guarantee the smooth operation of our protection solutions.

For customer systems and their services, we offer our in-house WAF (Web Application Firewall), which provides comprehensive security. For this purpose, we implemented a new rule over the weekend that protects the underlying systems from attacks that exploit the Log4j vulnerability. So if you are a customer of our Web DDoS service, you can activate this newly provided rule at any time to ensure maximum protection performance.

If you have any questions or are interested in Link11’s Zero-Touch WAF, please feel free to contact us. Also, in case of an emergency, we will be happy to provide you with advice and assistance at any time. Our team will take care of your request as soon as possible.