The vulnerability allows attackers to execute arbitrary code on their victims’ systems if an affected version of Log4J2 is in use. Just another problem: The gap can be exploited with a simple command and can therefore be made use of with very little expertise. Germanys National Cybersecurity Agency (BSI) further warns of the consequences of the gap.
Java library Log4J2, which is used to write logs in Java applications, is affected. The library is considered a de facto-standard as it is utilized in millions of applications. It is sufficient to initiate a logging process in a Java application with a user-defined string.
Once the process has been successfully executed, only a small exploit file on a remote web resource needs to be referenced to, to perform the attack. The code is not verified regarding its origin, therefore resources outside the user’s own server will also be accepted.
Anyone using Java applications with Log4J2 should therefore apply available patches immediately. Even if no network attack has been detected so far, it is recommended to have a qualified IT service provider assess whether the network has been compromised. Due to the ease of exploitation, it is to be expected that criminals will first compromise hundreds of thousands of systems and then begin to monetize these infections in a few weeks, for example by installing ransomware.