{"id":24881,"date":"2021-12-24T09:48:28","date_gmt":"2021-12-24T01:48:28","guid":{"rendered":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/?p=24881"},"modified":"2025-03-13T04:04:14","modified_gmt":"2025-03-12T20:04:14","slug":"%e3%80%90%e6%bc%8f%e6%b4%9e%e9%a0%90%e8%ad%a6%e3%80%91apache-log4j-2%e5%87%ba%e7%8f%be%e9%87%8d%e5%a4%a7%e9%81%a0%e7%a8%8b%e4%bb%a3%e7%a2%bc%e5%9f%b7%e8%a1%8c%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/archives\/24881","title":{"rendered":"\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Apache Log4j 2\u51fa\u73fe\u91cd\u5927\u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e"},"content":{"rendered":"

\u6559\u80b2\u6a5f\u69cbANA\u901a\u5831\u5e73\u53f0<\/h3>\n\n\n\n\n\n\n\n\n\n\n
\u767c\u4f48\u7de8\u865f<\/td>\nTACERT-ANA-2021122009121010<\/td>\n\u767c\u4f48\u6642\u9593<\/td>\n2021-12-20 09:25:10<\/td>\n<\/tr>\n
\u4e8b\u6545\u985e\u578b<\/td>\nANA-\u6f0f\u6d1e\u9810\u8b66<\/td>\n\u767c\u73fe\u6642\u9593<\/td>\n2021-12-18 12:37:10<\/td>\n<\/tr>\n
\u5f71\u97ff\u7b49\u7d1a<\/td>\n\u4f4e<\/td>\n<\/td>\n<\/td>\n<\/tr>\n
[\u4e3b\u65e8\u8aaa\u660e:]\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Apache Log4j 2\u51fa\u73fe\u91cd\u5927\u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e<\/td>\n<\/tr>\n
[\u5167\u5bb9\u8aaa\u660e:]<\/p>\n

\u8f49\u767c\u00a0 \u6578\u806f\u8cc7\u5b89(ISSDU)\u60c5\u8cc7\u7de8\u865f\uff1aISSDU-ANA-202112-0002<\/p>\n

\u7531\u65bc\u8a31\u591a\u77e5\u540d\u7684\u5927\u578b\u61c9\u7528\u7cfb\u7d71\u5982\u63a8\u7279\u3001iCloud\u3001Minecraft\u7b49\u90fd\u4f7f\u7528\u4e86Log4j\uff0c\u4e14\u9019\u9805\u6f0f\u6d1e\u6975\u70ba\u5bb9\u6613\u88ab\u5229\u7528\uff0c\u5df2\u7d93\u51fa\u73fe\u653b\u64ca\u884c\u52d5\u7684\u60c5\u6cc1\uff0c\u88ab\u8cc7\u5b89\u5c08\u5bb6\u7a31\u70ba\u8fd110\u5e74\u4f86\u6700\u56b4\u91cd\u7684\u6f0f\u6d1e\u3002<\/p>\n

Apache Log4j 2\u662f\u57fa\u65bcJava\u7684\u65e5\u8a8c\u6846\u67b6\uff0c\u8fd1\u65e5\u4ed6\u5011\u767c\u5e03\u4e86\u65b0\u7248\u672c2.15.0\uff0c\u7576\u4e2d\u4fee\u88dc\u4e86\u4e00\u9805\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\uff0c\u7528\u6236\u76e1\u901f\u5347\u7d1a\u6700\u65b0\u7248\u672c\u3002\u6839\u64da\u963f\u91cc\u96f2\u5b89\u5168\u5718\u968a\u7684\u8aaa\u660e\uff0cApache Log4j2\u7684\u67d0\u4e9b\u529f\u80fd\u5b58\u5728\u905e\u8ff4\u89e3\u6790\u529f\u80fd\uff0c\u800c\u653b\u64ca\u8005\u53ef\u76f4\u63a5\u69cb\u9020\u60e1\u610f\u8acb\u6c42\uff0c\u89f8\u767c\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\uff0c\u4e26\u6307\u51faApache Struts2\u3001Apache Solr\u3001Apache Druid\u3001Apache Flink\u90fd\u53d7\u5f71\u97ff\u3002\u76ee\u524dCVE\u6f0f\u6d1e\u7de8\u865fCVE-2021-44228<\/p>\n

\u60c5\u8cc7\u5206\u4eab\u7b49\u7d1a: WHITE(\u60c5\u8cc7\u5167\u5bb9\u70ba\u53ef\u516c\u958b\u63ed\u9732\u4e4b\u8cc7\u8a0a)<\/p>\n

\u6b64\u8a0a\u606f\u50c5\u767c\u9001\u5230\u300c\u5340\u7e23\u5e02\u7db2\u8def\u4e2d\u5fc3\u300d\uff0c\u7169\u8acb\u8cb4\u55ae\u4f4d\u5354\u52a9\u516c\u544a\u6216\u8f49\u767c<\/td>\n<\/tr>\n

[\u5f71\u97ff\u5e73\u53f0:]<\/p>\n

Apache Log4j 2.15.0\u00a0\u7248\u672c\u4e4b\u524d\u7684\u4efb\u4f55\u7248\u672c<\/td>\n<\/tr>\n

[\u5efa\u8b70\u63aa\u65bd:]<\/p>\n

\u6b64\u554f\u984c\u5df2\u5728 Log4J v2.15.0 \u4e2d\u4fee\u5fa9\u3002Apache \u65e5\u8a8c\u670d\u52d9\u5718\u968a\u63d0\u4f9b\u4ee5\u4e0b\u7de9\u89e3\u5efa\u8b70\uff1a<\/p>\n

\u5728\u4ee5\u524d\u7684\u7248\u672c\u4e2d\uff0c\u53ef\u4ee5\u901a\u904e\u5c07\u7cfb\u7d71\u5c6c\u6027log4j2.formatMsgNoLookups\u8a2d\u7f6e\u70baTRUE\u6216\u5f9e\u985e\u8def\u5f91\u4e2d\u522a\u9664 JndiLookup \u985e\u4f86\u7de9\u89e3\u9019\u7a2e\u884c\u70ba\u5982\u679c\u7121\u6cd5\u5347\u7d1a\uff0c\u8acb\u78ba\u4fdd\u5728\u5ba2\u6236\u7aef\u548c\u670d\u52d9\u5668\u7aef\u7d44\u4ef6\u4e0a\u90fd\u5c07\u53c3\u6578Dlog4j2.formatMsgNoLookups\u8a2d\u7f6e\u70baTRUE\u3002<\/p>\n

\u76ee\u524d\u5df2\u6709\u8cc7\u5b89\u8a2d\u5099\u5ee0\u5546\u5df2\u91cb\u51fa\u76f8\u95dc\u653b\u64ca\u7279\u5fb5\uff0c\u5206\u5225\u6709\u4ee5\u4e0b\u5217\u8868\uff0c\u5efa\u8b70\u64c1\u6709\u9019\u4e9b\u8cc7\u5b89\u8a2d\u5099\uff0c\u5c07\u8a72\u7279\u5fb5\u8a2d\u5b9a\u70ba\u963b\u64cb\uff0c\u4ee5\u907f\u514d\u906d\u5916\u90e8\u653b\u64ca\u8005\u6210\u529f\u5165\u4fb5<\/p>\n

Checkpoint:<\/p>\n

Apache Log4j Remote Code Execution (CVE-2021-44228)<\/p>\n

 <\/p>\n

Deep Security:<\/p>\n

Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228)<\/p>\n

 <\/p>\n

Fidelis:<\/p>\n

FSS_CVE-2021-44228 – Apache Log4j Inject Request<\/p>\n

 <\/p>\n

Firepower:<\/p>\n

SERVER-OTHER Apache Log4j logging remote code execution attempt<\/p>\n

SERVER-APACHE Apache Log4j2 CVE- 2021-44228 Remote Code Execution Vulnerability<\/p>\n

 <\/p>\n

Fortigate:<\/p>\n

Apache.Log4j.Error.Log.Remote.Code.Execution<\/p>\n

 <\/p>\n

Palo Alto:<\/p>\n

Apache Log4j Remote Code Execution Vulnerability<\/p>\n

 <\/p>\n

Mcafee:<\/p>\n

UDS-HTTP: Apache Log4j2 Remote Code Execution Vulnerability<\/p>\n

HTTP: Apache Log4j2 Remote Code Execution Vulnerability (CVE-2021-44228)<\/p>\n

 <\/p>\n

TippingPoint:<\/p>\n

HTTP: JNDI Injection in HTTP Request<\/p>\n

 <\/p>\n

IBM:<\/p>\n

HTTP_Log4J_JndiLdap_Exec<\/p>\n

 <\/p>\n

DDI:<\/p>\n

HTTP_POSSIBLE_USERAGENT_RCE_EXPLOIT_REQUEST<\/p>\n

CVE-2021-44228 – OGNL EXPLOIT – HTTP(REQUEST)<\/p>\n

POSSIBLE HTTP HEADER OGNL EXPRESSION EXPLOIT – HTTP(REQUEST)<\/p>\n

POSSIBLE HTTP BODY OGNL EXPRESSION EXPLOIT – HTTP (REQUEST) – Variant 2<\/p>\n

 <\/p>\n

Sophos:<\/p>\n

SERVER-OTHER Apache Log4j logging remote code execution attempt<\/p>\n

SERVER-APACHE Apache Log4j2 CVE- 2021-44228 Remote Code Execution Vulnerability<\/td>\n<\/tr>\n

[\u53c3\u8003\u8cc7\u6599:]<\/p>\n
    \n
  1. https:\/\/hominido.medium.com\/iocs-para-log4shell-rce-0-day-cve-2021-44228-98019dd06f35<\/a><\/li>\n
  2. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228<\/a><\/li>\n
  3. https:\/\/www.ithome.com.tw\/news\/148307<\/a><\/li>\n
  4. https:\/\/community.riskiq.com\/article\/505098fc\/indicators<\/li>\n
  5. https:\/\/github.com\/advisories\/GHSA-jfh8-c2jp-5v3q<\/a><\/li>\n<\/ol>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n\n\n\n\n
    (\u6b64\u901a\u5831\u50c5\u5728\u65bc\u544a\u77e5\u76f8\u95dc\u8cc7\u8a0a\uff0c\u4e26\u975e\u70ba\u8cc7\u5b89\u4e8b\u4ef6)\uff0c\u5982\u679c\u60a8\u5c0d\u6b64\u901a\u5831\u7684\u5167\u5bb9\u6709\u7591\u554f\u6216\u6709\u95dc\u65bc\u6b64\u4e8b\u4ef6\u7684\u5efa\u8b70\uff0c\u6b61\u8fce\u8207\u6211\u5011\u9023\u7d61\u3002<\/td>\n<\/tr>\n
    \u6559\u80b2\u6a5f\u69cb\u8cc7\u5b89\u901a\u5831\u61c9\u8b8a\u5c0f\u7d44
    \n\u7db2\u5740\uff1ahttps:\/\/info.cert.tanet.edu.tw\/<\/a>
    \n\u5c08\u7dda\u96fb\u8a71\uff1a07-5250211
    \n\u7db2\u8def\u96fb\u8a71\uff1a98400000
    \nE-Mail\uff1a    service@cert.tanet.edu.tw<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

    \u6559\u80b2\u6a5f\u69cbANA\u901a\u5831\u5e73\u53f0 \u767c\u4f48\u7de8\u865f TACERT-ANA-2021122009121010 \u767c\u4f48\u6642\u9593 2021-12-20 09:25:10 \u4e8b\u6545\u985e\u578b ANA-\u6f0f\u6d1e\u9810\u8b66 \u767c\u73fe\u6642\u9593 2021-12-18 12:37:10 \u5f71\u97ff\u7b49\u7d1a \u4f4e [\u4e3b\u65e8\u8aaa\u660e:]\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Apache Log4j 2\u51fa\u73fe\u91cd\u5927\u9060\u7a0b\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e [\u5167\u5bb9\u8aaa\u660e:]<\/p>\n

    \u8f49\u767c \u6578\u806f\u8cc7\u5b89(ISSDU)\u60c5\u8cc7\u7de8\u865f\uff1aISSDU-ANA-202112-0002<\/p>\n

    \u7531\u65bc\u8a31\u591a\u77e5\u540d\u7684\u5927\u578b\u61c9\u7528\u7cfb\u7d71\u5982\u63a8\u7279\u3001iCloud\u3001Minecraft\u7b49\u90fd\u4f7f\u7528\u4e86Log4j\uff0c\u4e14\u9019\u9805\u6f0f\u6d1e\u6975\u70ba\u5bb9\u6613\u88ab\u5229\u7528\uff0c\u5df2\u7d93\u51fa\u73fe\u653b\u64ca\u884c\u52d5\u7684\u60c5\u6cc1\uff0c\u88ab\u8cc7\u5b89\u5c08\u5bb6\u7a31\u70ba\u8fd110\u5e74\u4f86\u6700\u56b4\u91cd\u7684\u6f0f\u6d1e\u3002<\/p>\n

    Apache Log4j 2\u662f\u57fa\u65bcJava\u7684\u65e5\u8a8c\u6846\u67b6\uff0c\u8fd1\u65e5\u4ed6\u5011\u767c\u5e03\u4e86\u65b0\u7248\u672c2.15.0\uff0c\u7576\u4e2d\u4fee\u88dc\u4e86\u4e00\u9805\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\uff0c\u7528\u6236\u76e1\u901f\u5347\u7d1a\u6700\u65b0\u7248\u672c\u3002\u6839\u64da\u963f\u91cc\u96f2\u5b89\u5168\u5718\u968a\u7684\u8aaa\u660e\uff0cApache Log4j2\u7684\u67d0\u4e9b\u529f\u80fd\u5b58\u5728\u905e\u8ff4\u89e3\u6790\u529f\u80fd\uff0c\u800c\u653b\u64ca\u8005\u53ef\u76f4\u63a5\u69cb\u9020\u60e1\u610f\u8acb\u6c42\uff0c\u89f8\u767c\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\uff0c\u4e26\u6307\u51faApache Struts2\u3001Apache Solr\u3001Apache Druid\u3001Apache Flink\u90fd\u53d7\u5f71\u97ff\u3002\u76ee\u524dCVE\u6f0f\u6d1e\u7de8\u865fCVE-2021-44228<\/p>\n

    \u60c5\u8cc7\u5206\u4eab\u7b49\u7d1a: WHITE(\u60c5\u8cc7\u5167\u5bb9\u70ba\u53ef\u516c\u958b\u63ed\u9732\u4e4b\u8cc7\u8a0a)<\/p>\n

    \u6b64\u8a0a\u606f\u50c5\u767c\u9001\u5230\u300c\u5340\u7e23\u5e02\u7db2\u8def\u4e2d\u5fc3\u300d\uff0c\u7169\u8acb\u8cb4\u55ae\u4f4d\u5354\u52a9\u516c\u544a\u6216\u8f49\u767c [\u5f71\u97ff\u5e73\u53f0:]<\/p>\n

    Apache Log4j 2.15.0 \u7248\u672c\u4e4b\u524d\u7684\u4efb\u4f55\u7248\u672c [\u5efa\u8b70\u63aa\u65bd:]<\/p>\n

    \u6b64\u554f\u984c\u5df2\u5728 Log4J v2.15.0 \u4e2d\u4fee\u5fa9\u3002Apache \u65e5\u8a8c\u670d\u52d9\u5718\u968a\u63d0\u4f9b\u4ee5\u4e0b\u7de9\u89e3\u5efa\u8b70\uff1a<\/p>\n

    \u5728\u4ee5\u524d\u7684\u7248\u672c\u4e2d\uff0c\u53ef\u4ee5\u901a\u904e\u5c07\u7cfb\u7d71\u5c6c\u6027log4j2.formatMsgNoLookups\u8a2d\u7f6e\u70baTRUE\u6216\u5f9e\u985e\u8def\u5f91\u4e2d\u522a\u9664 JndiLookup \u985e\u4f86\u7de9\u89e3\u9019\u7a2e\u884c\u70ba\u5982\u679c\u7121\u6cd5\u5347\u7d1a\uff0c\u8acb\u78ba\u4fdd\u5728\u5ba2\u6236\u7aef\u548c\u670d\u52d9\u5668\u7aef\u7d44\u4ef6\u4e0a\u90fd\u5c07\u53c3\u6578Dlog4j2.formatMsgNoLookups\u8a2d\u7f6e\u70baTRUE\u3002<\/p>\n

    \u76ee\u524d\u5df2\u6709\u8cc7\u5b89\u8a2d\u5099\u5ee0\u5546\u5df2\u91cb\u51fa\u76f8\u95dc\u653b\u64ca\u7279\u5fb5\uff0c\u5206\u5225\u6709\u4ee5\u4e0b\u5217\u8868\uff0c\u5efa\u8b70\u64c1\u6709\u9019\u4e9b\u8cc7\u5b89\u8a2d\u5099\uff0c\u5c07\u8a72\u7279\u5fb5\u8a2d\u5b9a\u70ba\u963b\u64cb\uff0c\u4ee5\u907f\u514d\u906d\u5916\u90e8\u653b\u64ca\u8005\u6210\u529f\u5165\u4fb5<\/p>\n

    Checkpoint:<\/p>\n

    Apache Log4j Remote Code Execution (CVE-2021-44228)<\/p>\n

     <\/p>\n

    Deep […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/24881"}],"collection":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/comments?post=24881"}],"version-history":[{"count":0,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/24881\/revisions"}],"wp:attachment":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/media?parent=24881"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/categories?post=24881"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/tags?post=24881"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}