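The Log4j vulnerability, discovered on November 24, 2021 and described as the worst security flaw in the history of the internet, has become a major issue.
At first it was discussed only in relation to a few sites, but from December 9 it started to become widely known.
The affected sites include many well-known ones, such as AWS (Amazon Web Services), Microsoft's Azure, Broadcom, Cisco, Citrix, Cloudflare, Dell, Huawei, Microsoft, Minecraft, Netflix, Oracle, Palo-Alto, Redhat, IBM, TrendMicro, VMware and others.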
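What is Log4j?
It is an add-on program written in Java by the Apache Software Foundation that records a program's logs in Java code. When linked with other programs, it automatically saves logs (documents recording access history, whether something executed, errors, and so on) to a specified path when the program runs.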
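The problem
This program, which is used to keep log records for operating and managing internet services such as corporate websites, had a serious hole. If an attacker remotely sends a specific string through log4j, they gain the ability to issue commands remotely and can use it to execute malicious code.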
How to mitigate?
Update log4j: versions 2.0 beta9 ~ 2.14.1 should be updated to 2.15.0 immediately
● 2.0 beta9 ~ 2.10.0: remove the JndiLookup class from the classpath:
zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
● 2.10 ~ 2.14.1: set the log4j2.formatMsgNoLookups system property or the LOG4J_FORMAT_MSG_NO_LOOKUPS environment variable to true
● Apache Log4j 2.15.0 (Apache Log4j 2 download page)
https://logging.apache.org/log4j/2.x/download.html
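As an added example (not part of the original post): a POSIX shell helper that finds log4j-core jars by file name and prints which of the steps above applies to each version, plus whether JndiLookup.class is still inside the jar. The function names and output labels are made up for this sketch, and 2.10.0, which falls in both ranges above, is mapped to the formatMsgNoLookups setting.

```shell
#!/bin/sh
# Added example: map a log4j-core version to the step listed on this page.
# Function names and output labels are hypothetical, chosen for this sketch.

# log4j_action VERSION -> prints one label for the version
log4j_action() {
    ver=$1
    case $ver in
        2.0-alpha*|2.0-beta[1-8]) echo "outside-listed-range"; return ;;
        2.*) ;;                                   # Log4j 2.x: keep going
        *) echo "outside-listed-range"; return ;; # 1.x or not a version
    esac
    minor=${ver#2.}            # "14.1", "0-beta9", ...
    minor=${minor%%[!0-9]*}    # keep only the leading digits
    [ -n "$minor" ] || { echo "outside-listed-range"; return; }
    if [ "$minor" -ge 15 ]; then
        echo "already-2.15.0-or-later"
    elif [ "$minor" -ge 10 ]; then
        # 2.10.0 is in both ranges on the page; the setting is chosen here
        echo "update-or-set-formatMsgNoLookups"
    else
        echo "update-or-remove-JndiLookup-class"
    fi
}

# jar_version PATH -> version taken from a log4j-core-<version>.jar file name
jar_version() {
    v=${1##*/}
    v=${v#log4j-core-}
    echo "${v%.jar}"
}

# has_jndi_lookup JAR -> exit 0 if the class file is still in the archive
has_jndi_lookup() {
    unzip -l "$1" 2>/dev/null | grep -q 'log4j/core/lookup/JndiLookup.class'
}

# scan_dir DIR -> one tab-separated line per log4j-core jar found under DIR
scan_dir() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null |
    while IFS= read -r jar; do
        if has_jndi_lookup "$jar"; then cls=present; else cls=absent; fi
        printf '%s\t%s\tJndiLookup.class %s\n' \
            "$jar" "$(log4j_action "$(jar_version "$jar")")" "$cls"
    done
}

# Run as: sh check-log4j.sh /path/to/app   (does nothing without an argument)
if [ "$#" -gt 0 ]; then scan_dir "$1"; fi
```

Copies of log4j-core bundled inside WAR or fat-JAR archives, or renamed, are not found by a file-name search and need to be checked separately.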
Please also refer to the information posted on GitHub about vulnerable sites not mentioned above.
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
A
https://www.akamai.com/blog/news/CVE-2021-44228-Zero-Day-Vulnerability Akamai :
https://github.com/apache/druid/pull/12051 Apache Druid :
https://flink.apache.org/2021/12/10/log4j-cve.html Apache Flink :
https://logging.apache.org/log4j/2.x/security.html Apache LOG4J :
https://lists.apache.org/thread/lgbtvvmy68p0059yoyn9qxzosdmx4jdv Apache Kafka :
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 Apache Solr :
https://apereo.github.io/2021/12/11/log4j-vuln/ Apero CAS :
https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 Aptible :
https://confluence.atlassian.com/kb/faq-for-cve-2021-44228-1103069406.html Atlassian :
https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 Automox :
https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ AWS :
https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 AZURE Datalake store java :
B
https://twitter.com/backblaze/status/1469477224277368838 BACKBLAZE :
https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability BitDefender :
https://docs.bitnami.com/general/security/security-2021-12-10/ BitNami By VMware :
https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability BMC Software :
C
https://community.carbonblack.com/t5/Threat-Research-Docs/Log4Shell-Log4j-Remote-Code-Execution-CVE-2021-44228/ta-p/109134 CarbonBlack :
https://support.cerberusftp.com/hc/en-us/articles/4412448183571-Cerberus-is-not-affected-by-CVE-2021-44228-log4j-0-day-vulnerability Cerberus FTP :
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd Cisco:
https://support.citrix.com/article/CTX335705 Citrix :
https://blog.cloudflare.com/cve-2021-44228-log4j-rce-0-day-mitigation/ CloudFlare :
https://forums.cpanel.net/threads/log4j-cve-2021-44228-does-it-affect-cpanel.696249/ CPanel :
https://www.concretecms.com/about/blog/security/concrete-log4j-zero-day-exploit ConcreteCMS.com :
https://connect2id.com/blog/connect2id-server-12-5-1 Connect2id :
https://www.connectwise.com/company/trust/advisories ConnectWise :
https://support.contrastsecurity.com/hc/en-us/articles/4412612486548 ContrastSecurity :
https://twitter.com/Coralogix/status/1469713430659559425 Coralogix :
https://forums.couchbase.com/t/ann-elasticsearch-connector-4-3-3-4-2-13-fixes-log4j-vulnerability/32402 CouchBase :
https://www.cybereason.com/blog/cybereason-solutions-are-not-impacted-by-apache-log4j-vulnerability-cve-2021-44228 Cybereason :
D
https://www.datto.com/blog/dattos-response-to-log4shell Datto :
https://security-tracker.debian.org/tracker/CVE-2021-44228 Debian :
https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ Docker :
https://twitter.com/dropwizardio/status/1469285337524580359 DropWizard :
E
https://git.eclipse.org/r/c/tracecompass/org.eclipse.tracecompass/+/188751 Eclipse Foundation :
https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 EVLLABS JGAAP :
F
https://support.f5.com/csp/article/K19026212 F5 Networks :
https://status.f-secure.com/incidents/sk8vmr0h34pd F-Secure
https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j Fastly :
https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/ FusionAuth :
G
https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability Genesys :
https://github.com/advisories/GHSA-jfh8-c2jp-5v3q GitHub :
https://www.goanywhere.com/cve-2021-44228-goanywhere-mitigation-steps GoAnywhere :
https://cloud.google.com/blog/products/identity-security/cloud-armor-waf-rule-to-help-address-apache-log4j-vulnerability Google Cloud Armor WAF :
https://www.graylog.org/post/graylog-update-for-log4j GrayLog :
https://twitter.com/GuardedBox/status/1469739834117799939 GuardedBox :
H
https://twitter.com/jobertabma/status/1469490881854013444 HackerOne :
https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en Huawei :
https://twitter.com/hostifi_net/status/1469511114824339464 HostiFi :
I
https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/ Imperva :
https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day Inductive Automation :
https://network.informatica.com/community/informatica-network/blog/2021/12/10/log4j-vulnerability-update Informatica :
J
https://community.jamf.com/t5/jamf-pro/third-party-security-issue/td-p/253740 JAMF NATION :
https://www.ibm.com/support/pages/node/6525552 JazzSM DASH IBM :
https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ Jenkins :
https://youtrack.jetbrains.com/issue/TW-74298 JetBrains Teamcity :
https://twitter.com/jfrog/status/1469385793823199240 JFROG :
K
https://github.com/microsoft/kafka-connect-cosmosdb/blob/0f5d0c9dbf2812400bb480d1ff0672dfa6bb56f0/CHANGELOG.md Kafka Connect CosmosDB :
https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment Kaseya :
https://github.com/keycloak/keycloak/discussions/9078 Keycloak :
L
https://www.leanix.net/en/blog/log4j-vulnerability-log4shell Leanix :
https://twitter.com/LucentSky/status/1469358706311974914 LucentSKY :
https://discuss.lightbend.com/t/regarding-the-log4j2-vulnerability-cve-2021-44228/9275 Lightbend :
M
https://twitter.com/macchina_io/status/1469611606569099269 Macchina io :
https://kc.mcafee.com/corporate/index?page=content&id=KB95091 McAfee :
https://github.com/metabase/metabase/commit/8bfce98beb25e48830ac2bfd57432301c5e3ab37 Metabase :
https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ Microsoft :
https://www.minecraft.net/en-us/article/important-message--security-vulnerability-java-edition Minecraft :
N
https://www.n-able.com/security-and-privacy/apache-log4j-vulnerability N-able :
https://security.netapp.com/advisory/ntap-20211210-0007/ NetApp :
https://github.com/search?q=org%3ANetflix+CVE-2021-44228&type=commits Netflix :
https://github.com/nextgenhealthcare/connect/discussions/4892#discussioncomment-1789526 NextGen Healthcare Mirth :
https://github.com/newrelic/newrelic-java-agent/issues/605 Newrelic :
O
https://sec.okta.com/articles/2021/12/log4shell Okta :
https://github.com/openhab/openhab-distro/pull/1343 OpenHab :
https://talk.openmrs.org/t/urgent-security-advisory-2021-12-11-re-apache-log4j-2/35341 OpenMRS TALK :
https://discuss.opendistrocommunity.dev/t/log4j-patch-for-cve-2021-44228/7950 OpenSearch :
https://www.oracle.com/security-alerts/alert-cve-2021-44228.html Oracle :
https://www.oxygenxml.com/security/advisory/CVE-2019-17571.html OxygenXML :
P
https://security.paloaltonetworks.com/CVE-2021-44228 Palo-Alto Networks :
https://www.papercut.com/support/known-issues/#PO-684 PaperCut :
https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability Pega :
https://twitter.com/ptsecurity/status/1469398376978522116 Positive Technologies :
https://www.progress.com/security Progress / IpSwitch :
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR Pulse Secure :
https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ Puppet :
https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) Pure Storage :
Q
https://support.quest.com/kace-systems-management-appliance/kb/335869/is-the-kace-sma-affected-by-cve-2021-44228 Quest KACE :
R
https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ Red5Pro :
https://access.redhat.com/security/cve/cve-2021-44228 RedHat :
https://docs.rundeck.com/docs/history/CVEs/ RunDeck by PagerDuty :
https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK Rubrik :
S
https://help.salesforce.com/s/articleView?id=000363736&type=1 Salesforce :
https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html Security Onion :
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 ServiceNow :
https://twitter.com/sesam_info/status/1469711992122486791 Sesam Info :
http://shibboleth.net/pipermail/announce/2021-December/000253.html Shibboleth :
http://slf4j.org/log4shell.html SLF4J :
https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 SmileCDR :
https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce Sophos :
https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 SonarSource :
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 SonicWall :
https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot Spring Boot :
https://www.suse.com/security/cve/CVE-2021-44228.html SUSE :
https://www.ibm.com/support/pages/node/6525544 Sterling Order IBM :
https://community.synopsys.com/s/article/SIG-Security-Advisory-for-Apache-Log4J2-CVE-2021-44228 Synopsys :
T
https://jira.talendforge.org/browse/TCOMP-2054 Talend :
https://community.tanium.com/s/article/How-Tanium-Can-Help-with-CVE-2021-44228-Log4Shell Tanium :
https://success.trendmicro.com/solution/000289940 TrendMicro :
U
https://community.ui.com/releases/UniFi-Network-Application-6-5-54/d717f241-48bb-4979-8b10-99db36ddabe1 Ubiquiti-UniFi-UI :
https://ussignal.com/blog/apache-log4j-vulnerability USSIGNAL MSP :
V
https://github.com/vespa-engine/blog/blob/f281ce4399ed3e97b4fed32fcc36f9ba4b17b1e2/_posts/2021-12-10-log4j-vulnerability.md Vespa ENGINE :
https://www.vmware.com/security/advisories/VMSA-2021-0028.html VMware :
W
https://lab.wallarm.com/cve-2021-44228-mitigation-update/ Wallarm :
https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ WatchGuard / Secplicity /
https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve Wowza :
https://github.com/wso2/security-tools/pull/169 WSO2 :
X
https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact XCP-ng :
Y
Z
https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256 ZAMMAD :
https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/ Zaproxy :
https://www.zesty.io/mindshare/company-announcements/log4j-exploit/ Zesty :