On Friday, December 10, 2021, the SecurityTrails research team started tracking a critical vulnerability in the widely used Java-based Apache library Log4j. Dubbed Log4Shell (CVE-2021-44228), this vulnerability has shaken the cybersecurity community as well as organizations across the globe.
Because Log4j is a library used by many products, it can be found in numerous, often hidden, areas of an organization's infrastructure, from enterprise-level products to software developed in-house.
How can organizations fight against Log4Shell-based attacks?
One of the biggest challenges organizations face now is a lack of visibility into all of their internet-facing assets, including outdated asset inventories and the absence of a clear list of affected products.
Understanding your organization's asset exposure is one of the best ways to mitigate Log4Shell-based attacks. SecurityTrails Attack Surface Intelligence (ASI) enables you to:
- Ensure that you have a real-time full inventory of your on-premises and cloud-hosted assets
- Identify specific products potentially impacted by Log4Shell, including Apache Solr, Docker, Kibana, and others
- Triage and identify assets for follow-on scans, investigations, mitigation and remediation
Recommendations for SecurityTrails ASI customers
SecurityTrails ASI customers can understand their exposure to Log4Shell in the following ways:
Ensure all internet-facing assets are behind a WAF: ASI detects over 150 technologies providing web application firewall-like services. Ensuring proper implementation of WAF policy across all assets (both on-premises and in the cloud) can help mitigate Log4Shell exposure. Major WAF providers have implemented rule changes to help mitigate the impact, and the outside-in view provided by ASI can ensure all assets are deployed appropriately.
Monitor newly deployed assets in the ASI Activity Tab: The SecurityTrails feed of newly deployed assets contains discovery dates and tags, which can provide detailed context on new internet-facing assets, ensuring compliance.
Inspect detected servers and backend technologies: The SecurityTrails research team continues to investigate products and technologies that may be impacted due to their use of Log4j. ASI detects over 1000 internet-facing technologies, including the following, which are potentially impacted by this critical Log4Shell RCE vulnerability. Impact is highly dependent upon how these products are implemented, and we include these technologies in support of initial impact triage:
- Adobe ColdFusion
- Adobe Experience Manager
- Apache Hadoop
- Apache Solr
- Apache Tomcat
- Apache Wicket
- Atlassian Bitbucket
- Atlassian Confluence
- Atlassian Jira
- JavaServer Faces
- New Relic
- Oracle Application Server
- Oracle Commerce
- Oracle WebLogic
Explore Screenshots in the Explorer Tab: ASI's new screenshot feature supports an inventory of all internet-facing forms, a common attack target for Log4Shell exploitation.
The SecurityTrails research team will continue to monitor technologies impacted by this critical vulnerability and share ways that ASI can support visibility and risk mitigation.