[Critical] Remote code execution vulnerability in open source Apache Log4j

On November 24, 2021, the Alibaba Cloud security team reported the Apache Log4j2 remote code execution vulnerability to Apache officials.

01 Vulnerability description

Apache Log4j2 is an excellent Java logging framework. On November 24, 2021, the Alibaba Cloud security team reported the Apache Log4j2 remote code execution vulnerability to Apache officials. Because some Apache Log4j2 functions parse their input recursively, an attacker can directly construct a malicious request that triggers remote code execution. No special configuration is required to exploit the vulnerability. The Alibaba Cloud security team has verified that Apache Struts2, Apache Solr, Apache Druid, Apache Flink and others are all affected. The Alibaba Cloud Emergency Response Center reminds Apache Log4j2 users to take security measures as soon as possible to guard against attacks that exploit the vulnerability.

02 Vulnerability Rating

Apache Log4j has a serious remote code execution vulnerability


Vulnerability details: Public
Vulnerability PoC: Public
Vulnerability EXP: Public
Exploitation in the wild: Exists

03 Affected versions

Apache Log4j 2.x <= 2.15.0-rc1

04 Safety Advice

1. Upgrade all applications that use Apache Log4j2 to the latest version, log4j-2.15.0-rc2: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2

2. Upgrade known affected applications and components, such as spring-boot-starter-log4j2, Apache Solr, Apache Flink and Apache Druid
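
To support the upgrade steps above, the following added example (not part of the original advisory or of Log4j itself) lists the log4j-core jars bundled inside an application archive and flags those in the affected range 2.x <= 2.15.0-rc1. It assumes the jar file name carries the real version, so renamed or shaded copies are missed; `scan_archive`, `MAX_NESTED` and the nesting depth of 3 are choices made for this example.

```python
import io
import re
import sys
import zipfile

# File-name pattern, e.g. log4j-core-2.14.1.jar or log4j-core-2.15.0-rc1.jar
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
LAST_AFFECTED = (2, 15, 0, 2, 1)   # 2.15.0-rc1, the upper bound given in the advisory
MAX_NESTED = 64 * 1024 * 1024      # assumption: skip nested archives above 64 MiB


def version_key(name):
    """Sortable key for a log4j-core jar file name, or None for any other file."""
    m = JAR_RE.search(name)
    if not m:
        return None
    major, minor, patch, tag, num = m.groups()
    pre = (PRE_RANK[tag.lower()], int(num)) if tag else (3, 0)  # final > any rc
    return (int(major), int(minor), int(patch or 0)) + pre


def is_affected(name):
    """True when the jar name falls in the advisory's range: 2.x <= 2.15.0-rc1."""
    key = version_key(name)
    return key is not None and key[0] == 2 and key <= LAST_AFFECTED


def scan_archive(src, label, depth=3):
    """Yield (location, affected) for each log4j-core jar, descending into nested archives."""
    try:
        zf = zipfile.ZipFile(src)  # src is a path or a binary file object
    except (zipfile.BadZipFile, OSError):
        return
    with zf:
        for info in zf.infolist():
            where = f"{label}!/{info.filename}"
            if version_key(info.filename):
                yield where, is_affected(info.filename)
            elif (depth > 0 and info.file_size <= MAX_NESTED
                  and info.filename.lower().endswith((".jar", ".war", ".ear"))):
                yield from scan_archive(io.BytesIO(zf.read(info)), where, depth - 1)


if __name__ == "__main__":  # usage: pass application archives (jar/war/ear) as arguments
    for arg in sys.argv[1:]:
        for where, hit in scan_archive(arg, arg):
            print("AFFECTED" if hit else "ok", where)
```

For a bare log4j-core jar on disk, call `is_affected` on its file name directly; `scan_archive` only reports jars found inside the archive it is given.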

05 Related links:
https://help.aliyun.com/noticelist/articleid/1060971232.html

Original article, author: Alibaba Cloud Security, if reprinted, please indicate the source: https://cncso.com/en/apache-log4j-rce-vulnerability.html
