Researchers from cybersecurity firm Cybereason have released a “vaccine” that can be used to remotely mitigate the critical ‘Log4Shell’ Apache Log4j code execution vulnerability running rampant through the Internet.
Apache Log4j is a Java-based logging platform that can be used to analyze web server access logs or application logs. The software is heavily used in the enterprise, eCommerce platforms, and games, such as Minecraft, which rushed out a patched version earlier today.
Early this morning, researchers released a proof-of-concept exploit for a zero-day remote code execution vulnerability in Apache Log4j tracked as CVE-2021-44228 and dubbed ‘Log4Shell.’
While Apache quickly released Log4j 2.15.0 to resolve the vulnerability, the flaw is trivial to exploit, and cybersecurity firms and researchers quickly saw attackers scan and attempt to compromise vulnerable devices.
As threat actors can exploit this vulnerability by simply changing their web browser’s user agent and visiting a vulnerable site or searching for that string on a site, it quickly became a nightmare for the enterprise and some of the most popular websites on the web.
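Since the fix named above is Log4j 2.15.0, a first defensive step is to inventory which hosts still ship an older log4j-core, including copies bundled inside fat JAR/WAR files. The following is an added example, not code from Cybereason or Apache; it assumes the version can be read from the jar file name (renamed or shaded copies are missed), and the size cap and nesting depth are arbitrary choices.

```python
import io
import re
import zipfile
from pathlib import Path

FIXED = (2, 15, 0)               # fix release named in the article
ARCHIVES = (".jar", ".war", ".ear")
MAX_NESTED = 64 * 1024 * 1024    # assumption: skip larger nested archives
CORE_JAR = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^/]*\.jar$")

def classify(name):
    """Return (version, older_than_fix) for a log4j-core jar name, else None."""
    m = CORE_JAR.search(name)
    if not m:
        return None
    version = tuple(int(part or 0) for part in m.groups())
    return version, version < FIXED

def scan_archive(data, label, depth=0, max_depth=3):
    """Yield (location, version) for outdated log4j-core jars nested in an archive."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return                   # not a readable archive; nothing to report
    with zf:
        for info in zf.infolist():
            inner = f"{label}!/{info.filename}"
            hit = classify(info.filename)
            if hit:
                if hit[1]:
                    yield inner, hit[0]
            elif (info.filename.lower().endswith(ARCHIVES)
                  and depth < max_depth and info.file_size <= MAX_NESTED):
                yield from scan_archive(zf.read(info), inner, depth + 1, max_depth)

def scan_tree(root):
    """Walk root; report outdated log4j-core jars, including bundled copies."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or not path.name.lower().endswith(ARCHIVES):
            continue
        hit = classify(path.name)
        if hit:
            if hit[1]:
                findings.append((str(path), hit[0]))
        else:
            findings.extend(scan_archive(path.read_bytes(), str(path)))
    return findings
```

Calling `scan_tree` on an application directory returns a list of `(location, version)` pairs, with nested hits shown as `outer.jar!/path/to/log4j-core-x.y.z.jar`.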
Vaccine released for Log4Shell
Friday evening, cybersecurity firm Cybereason released a script, or “vaccine,” that exploits the vulnerability to turn off a setting in a remote, vulnerable Log4Shell instance. Basically, the vaccine fixes the vulnerability by exploiting the vulnerable server.
This project is called ‘Logout4Shell’ and walks you through setting up a Java-based LDAP server and includes a Java payload that will disable the ‘trustURLCodebase’ setting in a remote Log4j server to mitigate the vulnerability.