{"id":5313,"date":"2021-12-16T13:17:17","date_gmt":"2021-12-16T12:17:17","guid":{"rendered":"https:\/\/cobisoft.de\/apache-log4j-zero-day-vulnerability\/"},"modified":"2021-12-16T13:18:00","modified_gmt":"2021-12-16T12:18:00","slug":"apache-log4j-zero-day-vulnerability","status":"publish","type":"post","link":"https:\/\/cobisoft.de\/en\/apache-log4j-zero-day-vulnerability\/","title":{"rendered":"Apache Log4j Zero Day vulnerability"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"5313\" class=\"elementor elementor-5313 elementor-5300\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-dffd6b7 elementor-section-height-min-height elementor-section-boxed elementor-section-height-default elementor-section-items-middle\" data-id=\"dffd6b7\" data-element_type=\"section\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;}\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0976637\" data-id=\"0976637\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap\">\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-352de250 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"352de250\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-7167b1a5\" data-id=\"7167b1a5\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-719ccad elementor-widget elementor-widget-text-editor\" data-id=\"719ccad\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>16.12.2021<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f7fd40 elementor-widget elementor-widget-heading\" data-id=\"1f7fd40\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Critical zero-day gap in log4j<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-64a444dd elementor-widget elementor-widget-text-editor\" data-id=\"64a444dd\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>In December 2021, a critical security problem was found in the Java framework log4j. As a result, an attacker who could control log messages or log message parameters could execute arbitrary code that is loaded by LDAP servers with message lookup replacement enabled.<\/p>\n<p>Further information on this zero-day security vulnerability can be found here at https:\/\/www.bsi.bund.de\/SharedDocs\/Cybersicherheitswarnung\/DE\/2021\/2021-549032-10F2.pdf?__blob=publicationFile&amp;v=6<\/p>\n<p>This library is used in many software products around the world.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-066008c elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"066008c\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-96f0310 elementor-widget elementor-widget-heading\" data-id=\"96f0310\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">The following COBISOFT solutions are not affected:<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5713883 elementor-widget elementor-widget-text-editor\" data-id=\"5713883\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul>\n<li>COBI.wms App: Does not use log4j and is an Android app and not a server application anyway.<\/li>\n<li>COBI.wms HANA Proxy: does not use log4j.<\/li>\n<li>COBI.time is based on Node.JS and does not contain any components written in Java.<\/li>\n<li>COBI.edi is based on C # .NET and does not contain any components written in Java.<\/li>\n<li>COBI.msv Server: does not use log4j.<\/li>\n<\/ul>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8746f7b elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"8746f7b\" data-element_type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-1f51e24 elementor-widget elementor-widget-heading\" data-id=\"1f51e24\" data-element_type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h4 class=\"elementor-heading-title elementor-size-default\">The following COBISOFT products or product components are implemented as server-side Java applications:<\/h4>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-cbad386 elementor-widget elementor-widget-text-editor\" data-id=\"cbad386\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><strong>HANA proxy<\/strong><\/p>\n<p>The HANA proxy is used to exchange data between the COBI.wms Android app and on-premises installations of the SAP HANA database for SAP Business One. The only external Java component used by the HANA proxy is the Gson JSON library from Google. Log4J is therefore not used in the HANA proxy.<\/p>\n<p>In addition, the communication between the COBI.wms Android app and the HANA proxy takes place in the context of a local network, which is why the HANA proxy installations cannot be accessed from the Internet.<\/p>\n<p><strong>COBI.msv<\/strong><\/p>\n<p>COBI.msv is an implementation of the server component of the MSV3 v2.0 specification. Installations of COBI.msv are made publicly accessible from the Internet. The following external Java components are imported by COBI.msv:<\/p>\n<p>The Gson JSON library from Google. (com.google.code.gson: gson)<br \/>\nThe JAX WS RI runtime library bundle. (com.sun.xml.ws:jaxws-rt)<\/p>\n<p>COBI.msv does not use Log4J directly. However, the import of the JAX WS bundle results in the following list of JAR files that are used indirectly by COBI.msv:<\/p>\n<ul>\n<li>activation-1.1.jar<\/li>\n<li>FastInfoset-1.2.16.jar<\/li>\n<li>gmbal-4.0.0.jar<\/li>\n<li>ha-api-3.1.12.jar<\/li>\n<li>istack-commons-runtime-3.0.8.jar<\/li>\n<li>jakarta.activation-api-1.2.1.jar<\/li>\n<li>jakarta.annotation-api-1.3.4.jar<\/li>\n<li>jakarta.jws-api-1.1.1.jar<\/li>\n<li>jakarta.xml.bind-api-2.3.2.jar<\/li>\n<li>jakarta.xml.soap-api-1.4.1.jar<\/li>\n<li>jakarta.xml.ws-api-2.3.2.jar<\/li>\n<li>javax.mail-1.6.2.jar<\/li>\n<li>jaxb-runtime-2.3.2.jar<\/li>\n<li>jaxws-rt-2.3.2-1.jar<\/li>\n<li>management-api-3.2.1.jar<\/li>\n<li>mimepull-1.9.11.jar<\/li>\n<li>pfl-asm-4.0.1.jar<\/li>\n<li>pfl-basic-4.0.1.jar<\/li>\n<li>pfl-basic-tools-4.0.1.jar<\/li>\n<li>pfl-dynamic-4.0.1.jar<\/li>\n<li>pfl-tf-4.0.1.jar<\/li>\n<li>pfl-tf-tools-4.0.1.jar<\/li>\n<li>policy-2.7.6.jar<\/li>\n<li>saaj-impl-1.5.1.jar<\/li>\n<li>stax2-api-4.1.jar<\/li>\n<li>stax-ex-1.8.1.jar<\/li>\n<li>streambuffer-1.5.7.jar<\/li>\n<li>txw2-2.3.2.jar<\/li>\n<li>woodstox-core-5.1.0.jar<\/li>\n<\/ul>\n<p>(The list was generated from a productive installation of COBI.msv 1.1.0.)<\/p>\n<p>These JAR files were thoroughly searched for contained Java .class files as well as nested JAR files. No trace of Log4J was found.<\/p>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f8667b0 elementor-widget elementor-widget-spacer\" data-id=\"f8667b0\" data-element_type=\"widget\" data-widget_type=\"spacer.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-spacer\">\n\t\t\t<div class=\"elementor-spacer-inner\"><\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>16.12.2021 Critical zero-day gap in log4j In December 2021, a critical security problem was found in the Java framework log4j. As a result, an attacker who could control log messages&hellip;&nbsp;<a href=\"https:\/\/cobisoft.de\/en\/apache-log4j-zero-day-vulnerability\/\" rel=\"bookmark\">Read More &raquo;<span class=\"screen-reader-text\">Apache Log4j Zero Day vulnerability<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"elementor_header_footer","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[28],"tags":[],"class_list":["post-5313","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/posts\/5313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/comments?post=5313"}],"version-history":[{"count":5,"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/posts\/5313\/revisions"}],"predecessor-version":[{"id":5343,"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/posts\/5313\/revisions\/5343"}],"wp:attachment":[{"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/media?parent=5313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/categories?post=5313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cobisoft.de\/en\/wp-json\/wp\/v2\/tags?post=5313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}