New RCE vulnerability in Log4J 2.17.0

December 28, 2021

Syhunt Alert: New RCE vulnerability in Log4J 2.17.0

Update 1: CVE-2021-44832 has been assigned to this vulnerability, which has been confirmed by Apache and fixed in Apache Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6), released today.

Update 2: Syhunt Hybrid, released today, adds checks for the new CVE-2021-44832 and for CVE-2021-45105 (DoS) through Syhunt Code. In addition, Syhunt adds WAF bypass techniques for CVE-2021-44228 to Syhunt Dynamic and the Syhunt Insight log analyzer.

Dear customers,

We have been told that Apache is working to fix a new vulnerability, identified by security researchers, that supposedly allows remote command execution again. The vulnerability would affect version 2.17.0, which itself includes a patch for a similar vulnerability of equal severity. We recommend that customers using the library monitor the official Log4j page for more details and apply patches as they become available.

As soon as new information becomes available, new checks will be added to Syhunt so that Syhunt tools can detect this new variant.