Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

SOLVED

Log4j For Adobe Campaign

vishalkumarjha24
Level 1
Level 1

Hello,

 

A critical vulnerability was found in the popular Java logging framework log4j. 

The whole story can be found here: Log4Shell: RCE 0-day exploit found in log4j, a popular Java logging package | LunaSec

 

This new Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228) was reported on Friday (10 Dec 2021)

We're on ACC v7 and I'd appreciate any inputs from this community to understand if this vulnerability affects services hosted in ACC v7.
If so what are the corrective measures to overcome this.

 

Thanks,
Vishal

1 Accepted Solution
Milan_Vucetic
Correct answer by
Community Advisor
Community Advisor

Hi, for the all comunity memebers who work with on-premise solutions you can use the following code on your exposed servers (usualy tracking ones) to search the logs in order to see if attacks were tried:

Milan_Vucetic_0-1639295385808.png

Where posible upgrade you log4j 2 on latest 2.15.0 version

Nice way to see if you are exposed to this threat: Start netcat parallel to your app:

Milan_Vucetic_1-1639295413074.png

then type the following in the app where gets logged (ex. the query string of your search):

Milan_Vucetic_2-1639295438322.png

If you then see a lot of garbage emojies in the netcat console you are vulnerable!

Sorry about pictures above. Article just won't to accept any code even if code tags used.

 

Regards,

Milan

View solution in original post

6 Replies
Milan_Vucetic
Correct answer by
Community Advisor
Community Advisor

Hi, for the all comunity memebers who work with on-premise solutions you can use the following code on your exposed servers (usualy tracking ones) to search the logs in order to see if attacks were tried:

Milan_Vucetic_0-1639295385808.png

Where posible upgrade you log4j 2 on latest 2.15.0 version

Nice way to see if you are exposed to this threat: Start netcat parallel to your app:

Milan_Vucetic_1-1639295413074.png

then type the following in the app where gets logged (ex. the query string of your search):

Milan_Vucetic_2-1639295438322.png

If you then see a lot of garbage emojies in the netcat console you are vulnerable!

Sorry about pictures above. Article just won't to accept any code even if code tags used.

 

Regards,

Milan

vishalkumarjha24
Level 1
Level 1

Thanks a lot, Milan

So, hosted customers are not affected by the Log4j Remote Code Execution Vulnerability, right?

 

Thanks,

Vishal

adithyacs86
Level 5
Level 5

Hi Milan, 

The code provided above are I believe for on prem in Linux OS, do we know how to check if the Adobe Campaign is installed in Windows servers. 

 

Thanks,
Adithya

Marcel_Szimonisz
Community Advisor
Community Advisor

We are on 7.0 21.1  build 9282 and it's using 

 

log4j-1.2.11.jar

 

it's under 

$(XTK_INSTALL_DIR)/java/lib/log4j-1.2.11.jar

 

this version does not contain the jndilookup library which is added from version 2

 

 

So we are good, right?  at least for this vulnerability