Since the beginning of December 2021, the Log4j security vulnerability has been a worldwide topic of conversation. We at Dr. Wallner Engineering have received numerous inquiries about this topic and would like to summarize it once again.
What exactly is Log4j?
Log4j is an open-source Java library. Many Java-based programs use it as a standard, for example to record user credentials or error messages.
Why is Log4j dangerous?
Log4j itself is not dangerous. However, it contains a vulnerability called Log4Shell: the library evaluates and tries to interpret entries it has already recorded. This vulnerability can be used to remotely execute program code on a target system or to extract sensitive data.
Which versions are affected?
Almost all Log4j versions 2.x and later are affected. Older versions 1.x are not affected. Version 2.17 is currently considered fixed. It is recommended to upgrade to this or a higher version.
What measures should be taken?
In the meantime, one tool has proven its worth. It automatically performs the currently recommended actions. This tool is called Logpresso and it is available at the following link. The functionality is simple:
- A predefined path is scanned for log4j files.
- All log4j files found are scanned for the vulnerability.
- Detected vulnerabilities are cleaned up immediately.
- Log files are written that list the cleaned files, including the file path.
More detailed information on how the tool works can be found on GitHub.
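The scan-and-report part of the steps above can be sketched as follows. This is an added example, not Logpresso's code and not part of the original article; it only detects and reports, and changes no files. It assumes the standard Maven layout of a log4j-core archive, and the function names and status labels are hypothetical.

```python
import os, re, sys, zipfile

# Paths inside a log4j-core archive (standard Maven/class layout, assumed).
JNDI = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED = (2, 17)  # the article treats 2.17 as the fixed version

def core_version(zf):
    """Return (major, minor) of log4j-core from pom.properties, or None."""
    try:
        text = zf.read(POM).decode("utf-8", "replace")
    except KeyError:
        return None
    m = re.search(r"^version=(\d+)\.(\d+)", text, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(path):
    """Return (version, status) for one archive, or None if no log4j-core."""
    try:
        with zipfile.ZipFile(path) as zf:
            ver, has_jndi = core_version(zf), JNDI in zf.namelist()
    except (zipfile.BadZipFile, OSError):
        return None, "UNREADABLE"
    if ver is None:
        return (None, "UNKNOWN_VERSION") if has_jndi else None
    if ver[0] == 2 and ver < FIXED:
        return ver, "VULNERABLE" if has_jndi else "JNDI_CLASS_REMOVED"
    return ver, "OK"

def scan(root, report_path):
    """Walk root, write one report line per finding, return the findings."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.lower().endswith((".jar", ".war", ".ear")):
                path = os.path.join(dirpath, name)
                result = classify(path)
                if result:
                    findings.append((path, *result))
    with open(report_path, "w", encoding="utf-8") as fh:
        for path, ver, status in findings:
            fh.write(f"{status}\t{ver}\t{path}\n")
    return findings

def make_jar(path, version, with_jndi=True):
    """Build a constructed (fake) log4j-core archive for testing the scanner."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(POM, f"artifactId=log4j-core\nversion={version}\n")
        if with_jndi:
            zf.writestr(JNDI, b"constructed placeholder, not real bytecode")

if __name__ == "__main__":
    for finding in scan(sys.argv[1], "log4j_scan_report.tsv"):
        print(finding)
```

This sketch does not open archives nested inside other archives (for example fat JARs), so a clean result from it is not proof that a system is unaffected.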
If you have any general questions, please do not hesitate to contact us.
Your DRWE Team
Sources: LunaSec, GitHub, eGovernment