Log4J Vulnerability explained

How does the exploit happen??

  • Lightweight Directory Access Protocol (LDAP)
  • Secure LDAP (LDAPS)
  • Remote Method Invocation (RMI)
  • Domain Name Service (DNS)
Log4J FlowChart

Mitigation and Patching

  1. Implement a firewall with scrutinized port allowance and logging.
  2. Block the traffic at the network layer.
  3. Limiting the suspected device’s communication for internal and external communication over the internet.
  4. Isolate and quarantine the device for security purposes.
  5. Updating the device to Log4j version of 2.15 or above
  6. setting the environment parameter values to Log4j2.formatMsgNoLookups=true and LOG4J_FORMt_msg_no_lookups=true, so that disables the LookUps.

Impact Level

Reference

--

--

--

CyberPunk who always wanted to explore a new horizons over cyber space. Doing pen testing into my own network systems for detecting the vunerabilities .

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

{UPDATE} Sweet Baby Girl Mermaid Life Hack Free Resources Generator

Maverick Protocol Test Feedback

Hello Medium friends, I have started to learn and know about a Defi project called #InsureDAO with…

HackTheBox: Shocker machine

SSS Assignment 2019

Before You Turn On Two-Factor Authentication…

Spartan Node BULLISH Lunar New Year GIVEAWAY

Rabet,An Integrated Set of Open-source Wallets, to List on BitMart Exchange

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Akilnath Bodipudi

Akilnath Bodipudi

CyberPunk who always wanted to explore a new horizons over cyber space. Doing pen testing into my own network systems for detecting the vunerabilities .

More from Medium

log4j Vulnerability

picoCTF: Cookies

The Bad Twin: a peculiar case of JWT exploitation scenario

Finding an unseen SQL Injection by bypassing escape functions in mysqljs/mysql