Security News > 2021 > December > Zero Day in Ubiquitous Apache Log4j Tool Under Active Attack
An excruciating, easily exploited flaw in the ubiquitous Java logging library Apache Log4j could allow unauthenticated remote code execution and complete server takeover - and it's being exploited in the wild.
New #0-day vulnerability tracked under "Log4Shell" and CVE-2021-44228 discovered in Apache Log4j We are observing attacks in our honeypot infrastructure coming from the TOR network.
This problem is going to cause a mini-internet meltdown, experts said, given that Log4j is incorporated into scads of popular frameworks, including Apache Struts2, Apache Solr, Apache Druid and Apache Flink.
It's been assigned the maximum CVSS score of 10, given how relatively easy it is to exploit, attackers' ability to seize control of targeted servers and the ubiquity of Log4j.
The security firm said that affected versions are 2.0 <= Apache log4j <= 2.14.1.
To keep the library from being exploited, it's urgently recommended that Log4j versions are upgraded to log4j-2.15.0-rc1.
News URL
https://threatpost.com/zero-day-in-ubiquitous-apache-log4j-tool-under-active-attack/176937/
Related news
- Fully patched Cleo products under renewed 'zero-day-ish' mass attack (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Cleo patches critical zero-day exploited in data theft attacks (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Ivanti warns of new Connect Secure flaw used in zero-day attacks (source)
- Ivanti zero-day attacks infected devices with custom malware (source)
- Fortinet Warns of New Zero-Day Used in Attacks on Firewalls with Exposed Interfaces (source)
- SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) (source)
- SonicWall warns of SMA1000 RCE flaw exploited in zero-day attacks (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-10 | CVE-2021-44228 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. network low complexity apache siemens intel debian fedoraproject sonicwall netapp cisco snowsoftware bentley percussion apple critical | 10.0 |