Mitigation Instructions for CVE-2016-4437
Mitigating CVE-2016-4437: Remote Code Execution Vulnerability in Apache ActiveMQ
2 min read
CyRisk Vulnerability Management Team : Mar 21, 2023 3:13:09 PM
SUBJECT: Apache Log4j (also called Log4Shell) Vulnerability CVE-2021-45105
TECH STACK: APACHE LOG4J2 2.0-ALPHA THROUGH 2.16.0
CRITICALITY RATING: 10 out of 10. Extremely Critical.
OVERVIEW:
On December 9, 2021, security researchers discovered a critical vulnerability in a widely used, Java-based software library called Log4J. As the name suggests, Log4J is used for logging requests, and it is estimated that the vulnerability may be present in over 100 million instances around the world.
The widespread inclusion of this component as a direct or indirect dependency means that even when you identify and patch systems you directly develop or manage, it is possible that the vulnerability still exists in your environment as an indirect dependency used by some other dependency. Further, the code may not even appear as a separate file but may be incorporated into the jar file of some other component.
Apache Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and
2.3.1) are vulnerable to a remote code execution (RCE) attack where an attacker can
execute remote code on the server with the same privileges as the Java-based
application that invoked Apache Log4j v2, when message lookup substitution is enabled. This allows the attacker to take full control of the vulnerable system.
It is important to identify and patch all systems with the Log4Shell vulnerability. In some cases, vendors have mitigated the vulnerability, but end users must still take actions to fully implement the fix. If vulnerable systems have been exposed to the internet, patching will prevent future exploitation, but will not eradicate malware already present on compromised systems. Due to the ease of exploitation, and the fact that attackers exploiting the Log4J vulnerability can gain full control of compromised systems, it is highly recommended that vulnerable systems be investigated for indicators of compromise.
THREAT INTELLIGENCE:
The first active exploitation of this vulnerability in the wild has been reported as of December 1, 2021. Exploit code is publicly available for this vulnerability.
SOLUTION:
In order to mitigate Log4j vulnerabilities in solution stacks that accept data from the internet, immediately apply appropriate patches (or apply workarounds if unable to upgrade), conduct a security review, and report compromises to your insurance company claims contact number at: (855) 440-3400. Please double check that this is the same claims number that is listed on your policy.
To reduce the risk posed by the Log4Shell vulnerabilities, please take the following steps:
REFERENCES:
Apache Log4j Security Vulnerabilities:
https://logging.apache.org/log4j/2.x/security.html
Download Apache Log4j 2
https://logging.apache.org/log4j/2.x/download.html
NIST National Vulnerability Database CVE-2021-44228 Detail
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
Cybersecurity & Infrastructure Security Agency (CISA) Apache Log4j Vulnerability Guidance
https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance
CISA Log4j (CVE-2021-44228) Affected Vendor & Software List
https://github.com/cisagov/log4j-affected-db/blob/develop/SOFTWARE-LIST.md
Mitigating CVE-2016-4437: Remote Code Execution Vulnerability in Apache ActiveMQ
Mitigating CVE-2013-1896: Privilege Escalation Vulnerability in Puppet
Subject: Mitigating CVE-2014-6271: Shellshock Vulnerability in Bash