The Log4j vulnerability, also known as Log4Shell, is a critical security flaw in the Apache Log4j library, which is a widely used logging utility for Java applications. The vulnerability was first disclosed in December 2021 and has been assigned the identifier CVE-2021-44228.
The Log4j vulnerability is a remote code execution (RCE) vulnerability that allows an attacker to execute arbitrary code on a vulnerable system by simply sending a specially crafted log message. The vulnerability lies in the way Log4j handles JNDI (Java Naming and Directory Interface) lookups within log messages. By including a malicious JNDI reference in a log message, an attacker can cause the Log4j library to inadvertently load and execute code from a remote server under the attacker's control.
This vulnerability is particularly concerning because it is easy to exploit and because the Log4j library is used in so many Java applications, including web servers, application servers, and other enterprise software. That same ubiquity makes the library difficult to discover across a large infrastructure fleet, since discovery requires inspecting running applications and nodes. Once discovered, patching the vulnerability can take days, sometimes weeks, because machines must be restarted without impacting the applications already running on them.
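
One reason discovery is hard is that log4j-core is often bundled inside other archives (WARs, fat JARs) rather than sitting on disk under its own name. The following is an added example, not Shoreline's runbook code: a per-node scan that walks a directory, recurses into nested archives, and reports every copy of the `JndiLookup` class with the version declared in its Maven metadata, for comparison against the fixed releases in the Apache advisory. The function names, the constructed sample archives and their version strings are assumptions made for illustration.

```python
import io, os, pathlib, re, tempfile, zipfile

# Entries that identify a log4j-core copy and its Maven-declared version.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVES = (".jar", ".war", ".ear")

def scan_archive(src, label, findings, depth=0):
    """Record JndiLookup.class if present, then recurse into nested archives."""
    # Depth limit bounds the work done on deeply nested or hostile archives.
    if depth > 4 or not zipfile.is_zipfile(src):
        return
    with zipfile.ZipFile(src) as zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode() if POM_PROPS in names else ""
            m = re.search(r"^version=(\S+)", props, re.M)
            findings.append((label, m.group(1) if m else "unknown"))
        for name in sorted(names):
            if name.lower().endswith(ARCHIVES):
                nested = io.BytesIO(zf.read(name))
                scan_archive(nested, f"{label}!{name}", findings, depth + 1)

def scan_tree(root):
    """Return sorted (location, declared_version) for each log4j-core copy under root."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for path in (os.path.join(dirpath, f) for f in files if f.lower().endswith(ARCHIVES)):
            scan_archive(path, path, findings)
    return sorted(findings)

def make_jar(version):
    """Constructed stand-in for log4j-core: empty class entry plus pom.properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(JNDI_CLASS, b"")
        zf.writestr(POM_PROPS, f"version={version}\n")
    return buf.getvalue()

def demo():
    """Scan a constructed node directory: one top-level jar, one jar hidden in a WAR."""
    with tempfile.TemporaryDirectory() as root:
        pathlib.Path(root, "log4j-core-2.17.1.jar").write_bytes(make_jar("2.17.1"))
        with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
            war.writestr("WEB-INF/lib/log4j-core-2.14.1.jar", make_jar("2.14.1"))
        return [(os.path.relpath(loc, root), ver) for loc, ver in scan_tree(root)]
```

A copy repackaged without its `pom.properties` is reported with version `unknown` and needs manual inspection.
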
This Shoreline runbook makes it simple to create an alarm that continuously looks for the Log4j vulnerability across all cloud accounts in your fleet. Once the vulnerability is found, Slack notifications are sent to configured channels to alert on its presence.
Shoreline doesn’t just alert, it remediates. Customers can create actions that will patch the Log4j vulnerability by pulling down the fix from an approved central repository. Further actions can also be created to verify that the patch has been applied. Lastly, the Log4j OpPack combines the alarm and actions into a Shoreline Bot that will detect and remediate the vulnerability without any human involvement.