The Apache Foundation released an emergency update for a critical zero-day vulnerability in Log4j, a ubiquitous, open source logging framework that developers use to keep a record of activity within an application. The issue has been named Log4Shell and received the identifier CVE-2021-44228.
Many large software companies and online services use the Log4j library, including Amazon, Apple iCloud, Cisco, Cloudflare, ElasticSearch, Red Hat, Steam, Tesla, Twitter, and many more. Because of the library being so popular, hackers are already actively exploiting the vulnerability. These attack attempts are only expected to increase in the days to come.
Am I vulnerable?
The Log4j 2 library is frequently used in enterprise Java software and is included in Apache frameworks including:
- Apache Struts2
- Apache Solr
- Apache Druid
- Apache Flink
- Apache Swift
Even if you do not use log4j directly in your application, frameworks and tools could potentially include a vulnerable version in their distribution.
How can you detect the systems use vulnerable Log4j?
Run the following command on your Linux systems:
grep -r ‘org/apache/logging/log4j/core/lookup/JndiLookup.class’ /
If the output is “binary file matches,” relevant files use the Log4j library. You can run the relevant commands from the GitHub repository for Windows systems.
If you are one of our Managed IT Support Clients, we are already running reports to identify potentially impacted systems and will contact you if we need to take any action.