
Blackbit responds to critical vulnerability in Log4j

The German Federal Office for Information Security (BSI) has issued a cyber security warning at its highest level, red. The reason is a critical vulnerability in the widely used Java library Log4j, which the BSI regards as a serious threat situation.


Log4j version-dependent vulnerability

Log4j is a popular and widely used logging library for Java applications; it collects log data within an application. The vulnerability in Log4j disclosed on 9 December affects versions 2.0 to 2.14.1 and is patched as of 2.15. According to the proof of concept (PoC) published on GitHub the same day, the vulnerability allows attackers to execute their own code on target systems and to paralyse individual applications and entire servers.

Potential risks in Log4j

The critical vulnerability can be used not only to install further malware but also to read confidential data. It does not even require external malware; a single request is enough. This critical vulnerability therefore potentially affects every Java application accessible from the internet that uses Log4j.

There are already numerous examples of scripts that scan systems at random for the vulnerability. There is also growing evidence of attempts to exploit it via botnets.

We have reacted

Our SysOps reacted immediately and applied the necessary security patches to affected systems, upgraded Elasticsearch and removed unused Elasticsearch instances. In addition, all file systems on our servers were searched for the keyword "Log4js" in order to identify further locations where the vulnerable logging library is used. Since only Java applications are affected by the current vulnerability, it was not necessary to check PHP applications.
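As an added defender-side check, not part of Blackbit's response or tooling: the script below walks a directory tree, reads the version of each jar from its own Maven metadata (so renamed or shaded copies are caught too) or, failing that, from a log4j-core-<version>.jar file name, and flags versions inside the affected range named above (2.0 to 2.14.1). The sample tree it scans in demo() is constructed for the example.

```python
import os
import re
import tempfile
import zipfile
AFFECTED_MIN = (2, 0, 0)   # inclusive, per the advisory above
AFFECTED_MAX = (2, 14, 1)  # inclusive; 2.15 and later are patched
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def parse_version(text):
    """'2.14.1' -> (2, 14, 1); '2.15' -> (2, 15, 0); None if unparsable."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def is_affected(version):
    v = parse_version(version)
    return v is not None and AFFECTED_MIN <= v <= AFFECTED_MAX

def jar_version(path):
    """Version from the jar's own pom.properties (catches renamed jars), else from its name."""
    try:
        with zipfile.ZipFile(path) as z:
            if POM_PROPS in z.namelist():
                for line in z.read(POM_PROPS).decode().splitlines():
                    if line.startswith("version="):
                        return line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        pass  # not a zip archive: fall through to the file-name check
    m = re.search(r"log4j-core-(\d+(?:\.\d+)+)\.jar$", os.path.basename(path))
    return m[1] if m else None

def scan(root):
    """Return {relative jar path: (version, affected)} for every jar under root."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                p = os.path.join(dirpath, name)
                ver = jar_version(p)
                findings[os.path.relpath(p, root)] = (ver, is_affected(ver))
    return findings

def demo():
    """Build a constructed sample tree (not real artefacts) and scan it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "lib"))
    for n in ("log4j-core-2.14.1.jar", "log4j-core-2.15.0.jar", "other-1.0.jar"):
        open(os.path.join(root, "lib", n), "wb").close()  # empty, not a zip
    with zipfile.ZipFile(os.path.join(root, "renamed.jar"), "w") as z:
        z.writestr(POM_PROPS, "version=2.12.1\n")  # shaded or renamed copy
    return scan(root)
```

Run scan() against a real server root to list every jar with its detected version; a jar reported with version None still deserves a manual look, since it could embed Log4j without Maven metadata.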

Still questions?

If you have any questions about Log4j, the security of your system or other topics, please feel free to contact us at any time.
