“Log4Shell” Java vulnerability – how to safeguard your servers
The bug, now officially denoted CVE-2021-44248, involves sending a request to a vulnerable server in which you include some data - for example, an HTTP header - that you expect the server will write to its logfile.
Not just any old download: if the data that comes back is a valid Java program, then the server runs that file to "help" it generate the logging data.
These requests happen via a commonly-used Java toolkit known as JNDI, short for Java Naming and Directory Interface, which is a Java module that makes it easy for Java code to carry out online lookups such as the above-mentioned user-ID-to-real-name conversion.
Many servers out there aren't set up that way, and so malicious "Logsploiters" could try embedding text such as in the data they expect you to log.
As you can imagine, they could: leak data from the server itself; learn details about the internal network it's connected to; modify data on the server; exfiltrate data from other servers on the network; open additional backdoors on the server or the network for future attacks; implant additional malware such as a network snooper, a memory scraper, a data stealer, a cryptominer.
Block JNDI from making requests to untrusted servers.