Expand my Community achievements bar.

Announcing the launch of new sub-community for Campaign Web UI to cater specifically to the needs of Campaign Web UI users!
SOLVED

Log4j For Adobe Campaign

Avatar

Level 2

Hello,

 

A critical vulnerability was found in the popular Java logging framework log4j. 

The whole story can be found here: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec

 

This new Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) was reported on Friday (10 Dec 2021)

We're on ACC v7 and I'd appreciate any inputs from this community to understand if this vulnerability affects services hosted in ACC v7.
If so what are the corrective measures to overcome this.

 

Thanks,
Vishal

1 Accepted Solution

Avatar

Correct answer by
Community Advisor

Hi, for the all comunity memebers who work with on-premise solutions you can use the following code on your exposed servers (usualy tracking ones) to search the logs in order to see if attacks were tried:

Milan_Vucetic_0-1639295385808.png

Where posible upgrade you log4j 2 on latest 2.15.0 version

Nice way to see if you are exposed to this threat: Start netcat parallel to your app:

Milan_Vucetic_1-1639295413074.png

then type the following in the app where gets logged (ex. the query string of your search):

Milan_Vucetic_2-1639295438322.png

If you then see a lot of garbage emojies in the netcat console you are vulnerable!

Sorry about pictures above. Article just won't to accept any code even if code tags used.

 

Regards,

Milan

View solution in original post

6 Replies

Avatar

Correct answer by
Community Advisor

Hi, for the all comunity memebers who work with on-premise solutions you can use the following code on your exposed servers (usualy tracking ones) to search the logs in order to see if attacks were tried:

Milan_Vucetic_0-1639295385808.png

Where posible upgrade you log4j 2 on latest 2.15.0 version

Nice way to see if you are exposed to this threat: Start netcat parallel to your app:

Milan_Vucetic_1-1639295413074.png

then type the following in the app where gets logged (ex. the query string of your search):

Milan_Vucetic_2-1639295438322.png

If you then see a lot of garbage emojies in the netcat console you are vulnerable!

Sorry about pictures above. Article just won't to accept any code even if code tags used.

 

Regards,

Milan

Avatar

Level 2

Thanks a lot, Milan

So, hosted customers are not affected by the Log4j Remote Code Execution Vulnerability, right?

 

Thanks,

Vishal

Avatar

Level 5

Hi Milan, 

The code provided above are I believe for on prem in Linux OS, do we know how to check if the Adobe Campaign is installed in Windows servers. 

 

Thanks,
Adithya

Avatar

Community Advisor

We are on 7.0 21.1  build 9282 and it's using 

 

log4j-1.2.11.jar

 

it's under 

$(XTK_INSTALL_DIR)/java/lib/log4j-1.2.11.jar

 

this version does not contain the jndilookup library which is added from version 2

 

 

So we are good, right?  at least for this vulnerability