{"id":25338,"date":"2022-02-15T12:22:15","date_gmt":"2022-02-15T04:22:15","guid":{"rendered":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/?p=25338"},"modified":"2024-11-19T11:22:03","modified_gmt":"2024-11-19T03:22:03","slug":"%e3%80%90%e6%bc%8f%e6%b4%9e%e9%a0%90%e8%ad%a6%e3%80%91apache-log4j%e6%98%af%e4%b8%80%e5%80%8bjava%e6%97%a5%e8%aa%8c%e8%a8%98%e9%8c%84%e5%b7%a5%e5%85%b7%ef%bc%8c%e7%a0%94%e7%a9%b6%e4%ba%ba%e5%93%a1","status":"publish","type":"post","link":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/archives\/25338","title":{"rendered":"\u3010\u6f0f\u6d1e\u9810\u8b66\u3011Apache Log4j\u5b58\u5728Log4Shell\u5b89\u5168\u6f0f\u6d1e(CVE-2021-44228)\uff0c\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u8acb\u5118\u901f\u78ba\u8a8d\u4e26\u9032\u884c\u66f4\u65b0"},"content":{"rendered":"

\u884c\u653f\u9662\u570b\u5bb6\u8cc7\u901a\u5b89\u5168\u6703\u5831\u6280\u8853\u670d\u52d9\u4e2d\u5fc3<\/h3>\n

\u6f0f\u6d1e\/\u8cc7\u5b89\u8a0a\u606f\u8b66\u8a0a<\/h3>\n\n\n\n\n\n\n\n\n\n\n\n\n
\u767c\u5e03\u7de8\u865f<\/td>\nNCCST-ANA-2021-0000612<\/td>\n\u767c\u5e03\u6642\u9593<\/td>\nMon Feb 14 16:07:59 CST 2022<\/td>\n<\/tr>\n
\u4e8b\u4ef6\u985e\u578b<\/td>\n\u6f0f\u6d1e\u9810\u8b66<\/td>\n\u767c\u73fe\u6642\u9593<\/td>\nMon Feb 14 00:00:00 CST 2022<\/td>\n<\/tr>\n
\u8b66\u8a0a\u540d\u7a31<\/td>\n[\u66f4\u65b0\u6aa2\u6e2c\u8207\u4fee\u88dc\u8aaa\u660e]Apache Log4j\u5b58\u5728Log4Shell\u5b89\u5168\u6f0f\u6d1e(CVE-2021-44228)\uff0c\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u8acb\u5118\u901f\u78ba\u8a8d\u4e26\u9032\u884c\u66f4\u65b0<\/td>\n<\/tr>\n
\u5167\u5bb9\u8aaa\u660e<\/td>\nApache Log4j\u662f\u4e00\u500bJava\u65e5\u8a8c\u8a18\u9304\u5de5\u5177\uff0c\u7814\u7a76\u4eba\u54e1\u767c\u73feLog4j\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e(CVE-2021-44228)\uff0c\u653b\u64ca\u8005\u53ef\u85c9\u7531\u767c\u9001\u7279\u88fdLog\u8a0a\u606f\uff0c\u5229\u7528\u6f0f\u6d1e\u9032\u800c\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc<\/td>\n<\/tr>\n
\u5f71\u97ff\u5e73\u53f0<\/td>\n(1)Apache Log4j 2.0-beta9\u81f32.14.1(\u542b)\u7248\u672c<\/p>\n

(2)\u6f0f\u6d1e\u6aa2\u6e2c\u65b9\u5f0f\u8207\u76f8\u95dc\u6280\u8853\u7d30\u7bc0\u8a73\u898b\u9644\u4ef6\u8aaa\u660e<\/td>\n<\/tr>\n

\u5f71\u97ff\u7b49\u7d1a<\/td>\n\u9ad8<\/td>\n<\/tr>\n
\u5efa\u8b70\u63aa\u65bd<\/td>\n1.\u76ee\u524dApache Log4j\u5b98\u65b9\u7db2\u9801\u5df2\u91dd\u5c0d\u6b64\u6f0f\u6d1e\u91cb\u51fa\u66f4\u65b0\u7a0b\u5f0f\uff0c\u8acb\u5404\u6a5f\u95dc\u806f\u7d61\u8a2d\u5099\u7dad\u8b77\u5ee0\u5546\u9032\u884c\u7248\u672c\u78ba\u8a8d\u4e26\u66f4\u65b0\uff0c\u5176\u4e2dJava 8\u74b0\u5883\u8acb\u66f4\u65b0\u81f3Log4j 2.17.0\u6216\u4e4b\u5f8c\u7248\u672c\u3001Java 7\u74b0\u5883\u8acb\u66f4\u65b0\u81f3Log4j 2.12.3\u6216\u4e4b\u5f8c\u7248\u672c\u3001Java 6\u74b0\u5883\u8acb\u66f4\u65b0\u81f3Log4j 2.3.1\u6216\u4e4b\u5f8c\u7248\u672c\uff1a<\/p>\n

https:\/\/logging.apache.org\/log4j\/2.x\/security.html<\/a><\/p>\n

2.\u6f0f\u6d1e\u4fee\u88dc\u524d\uff0c\u4ea6\u53ef\u900f\u904e\u4ee5\u4e0b\u6b65\u9a5f\u505c\u7528JNDI Lookup\u529f\u80fd\uff0c\u4ee5\u7de9\u89e3\u6b64\u6f0f\u6d1e<\/p>\n

(1)\u91dd\u5c0dlog4j\u7248\u672c>=2.10\u7684\u7cfb\u7d71<\/p>\n

A.\u8acb\u8a2d\u5b9a\u5c6c\u6027\u300clog4j2.formatMsgNoLookups=true\u300d\u3002<\/p>\n

B.\u8acb\u8a2d\u5b9a\u74b0\u5883\u8b8a\u6578\u300cLOG4J_FORMAT_MSG_NO_LOOKUPS=true\u300d\u3002<\/p>\n

(2)\u91dd\u5c0dlog4j\u7248\u672c\u70ba2.0-beta9\u52302.10.0\u7684\u7cfb\u7d71<\/p>\n

\u8acb\u81ea\u985e\u5225\u8def\u5f91(class path)\u4e2d\u79fb\u9664JndiLookup.class\u3002\u5982\u57f7\u884c\u4e0b\u5217\u6307\u4ee4\uff0c\u4ee5\u81ealog4j-core\u4e2d\u79fb\u9664\u8a72\u985e\u5225\uff1a<\/p>\n

\u300czip -q -d log4j-core-*.jar org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class\u300d\u3002<\/p>\n

3.\u900f\u904eWAF\u5c0d\u76f8\u95dc\u60e1\u610f\u8a9e\u6cd5\u9032\u884c\u904e\u6ffe\u53ca\u963b\u64cb<\/p>\n

\u4f7f\u7528\u5c0d\u5916\u9632\u8b77\u8a2d\u5099\u91dd\u5c0dJNDI\u4e4b\u76f8\u95dc\u60e1\u610f\u653b\u64ca\u884c\u70ba\u8a2d\u5b9a\u898f\u5247\u9032\u884c\u963b\u64cb\uff0c\u4f8b\u5982\u201d$(jndi:ldap:\/\/\u201d\u3002<\/p>\n

4.\u8a55\u4f30\u65bcJava\u4f3a\u670d\u5668\u589e\u52a0\u4ee5\u4e0b\u8a2d\u5b9a\u4ee5\u9632\u6b62\u4e0b\u8f09\u8207\u57f7\u884c\u53ef\u80fd\u5177\u98a8\u96aa\u4e4b\u60e1\u610fJava Class<\/p>\n

\u5c07com.sun.jndi.ldap.object.trustURLCodebase\u8a2d\u5b9a\u70bafalse\uff0c\u4f7fJNDI\u7121\u6cd5\u4f7f\u7528LDAP\u4e0b\u8f09\u9060\u7aefJava Class\u3002<\/td>\n<\/tr>\n

\u53c3\u8003\u8cc7\u6599<\/td>\n\n
    \n
  1. https:\/\/logging.apache.org\/log4j\/2.x\/security.html<\/a><\/li>\n
  2. https:\/\/www.tenable.com\/blog\/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability<\/a><\/li>\n
  3. https:\/\/thehackernews.com\/2021\/12\/extremely-critical-log4j-vulnerability.html<\/li>\n
  4. https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228<\/a><\/li>\n<\/ol>\n<\/td>\n<\/tr>\n
<\/td>\n<\/tr>\n
\u6b64\u985e\u901a\u544a\u767c\u9001\u5c0d\u8c61\u70ba\u901a\u5831\u61c9\u8b8a\u7db2\u7ad9\u767b\u8a18\u4e4b\u8cc7\u5b89\u4eba\u54e1\u3002\u82e5\u8cb4\u00a0\u55ae\u4f4d\u4e4b\u8cc7\u5b89\u4eba\u54e1\u6709\u8b8a\u66f4\uff0c\u53ef\u9015\u81ea\u767b\u5165\u901a\u5831\u61c9\u8b8a\u7db2\u7ad9\uff08https:\/\/www.ncert.nat.gov.tw<\/a>\uff09\u9032\u884c\u4fee\u6539\u3002\u82e5\u60a8\u4ecd\u70ba\u8cb4\u55ae\u4f4d\u4e4b\u8cc7\u5b89\u4eba\u54e1\u4f46\u975e\u672c\u4e8b\u4ef6\u4e4b\u8655\u7406\u4eba\u54e1\uff0c\u8acb\u5354\u52a9\u5c07\u6b64\u901a\u544a\u544a\u77e5\u76f8\u95dc\u8655\u7406\u4eba\u54e1\u3002<\/p>\n

\u5982\u679c\u60a8\u5c0d\u6b64\u901a\u544a\u5167\u5bb9\u6709\u7591\u554f\u6216\u6709\u95dc\u65bc\u6b64\u4e8b\u4ef6\u4e4b\u5efa\u8b70\uff0c\u8acb\u52ff\u76f4\u63a5\u56de\u8986\u6b64\u4fe1\u4ef6\uff0c\u8acb\u4ee5\u4e0b\u8ff0\u806f\u7d61\u8cc7\u8a0a\u8207\u6211\u5011\u9023\u7d61\u3002
\n\u5730\u00a0\u5740\uff1a\u00a0\u53f0\u5317\u5e02\u5bcc\u967d\u8857116\u865f
\n\u806f\u7d61\u96fb\u8a71\uff1a\u00a002-27339922
\n\u50b3\u771f\u96fb\u8a71\uff1a\u00a002-27331655
\n\u96fb\u5b50\u90f5\u4ef6\u4fe1\u7bb1\uff1a\u00a0service@nccst.nat.gov.tw<\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

\u884c\u653f\u9662\u570b\u5bb6\u8cc7\u901a\u5b89\u5168\u6703\u5831\u6280\u8853\u670d\u52d9\u4e2d\u5fc3 \u6f0f\u6d1e\/\u8cc7\u5b89\u8a0a\u606f\u8b66\u8a0a \u767c\u5e03\u7de8\u865f NCCST-ANA-2021-0000612 \u767c\u5e03\u6642\u9593 Mon Feb 14 16:07:59 CST 2022 \u4e8b\u4ef6\u985e\u578b \u6f0f\u6d1e\u9810\u8b66 \u767c\u73fe\u6642\u9593 Mon Feb 14 00:00:00 CST 2022 \u8b66\u8a0a\u540d\u7a31 [\u66f4\u65b0\u6aa2\u6e2c\u8207\u4fee\u88dc\u8aaa\u660e]Apache Log4j\u5b58\u5728Log4Shell\u5b89\u5168\u6f0f\u6d1e(CVE-2021-44228)\uff0c\u5141\u8a31\u653b\u64ca\u8005\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u8acb\u5118\u901f\u78ba\u8a8d\u4e26\u9032\u884c\u66f4\u65b0 \u5167\u5bb9\u8aaa\u660e Apache Log4j\u662f\u4e00\u500bJava\u65e5\u8a8c\u8a18\u9304\u5de5\u5177\uff0c\u7814\u7a76\u4eba\u54e1\u767c\u73feLog4j\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e(CVE-2021-44228)\uff0c\u653b\u64ca\u8005\u53ef\u85c9\u7531\u767c\u9001\u7279\u88fdLog\u8a0a\u606f\uff0c\u5229\u7528\u6f0f\u6d1e\u9032\u800c\u9060\u7aef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc \u5f71\u97ff\u5e73\u53f0 (1)Apache Log4j 2.0-beta9\u81f32.14.1(\u542b)\u7248\u672c<\/p>\n

(2)\u6f0f\u6d1e\u6aa2\u6e2c\u65b9\u5f0f\u8207\u76f8\u95dc\u6280\u8853\u7d30\u7bc0\u8a73\u898b\u9644\u4ef6\u8aaa\u660e \u5f71\u97ff\u7b49\u7d1a \u9ad8 \u5efa\u8b70\u63aa\u65bd 1.\u76ee\u524dApache Log4j\u5b98\u65b9\u7db2\u9801\u5df2\u91dd\u5c0d\u6b64\u6f0f\u6d1e\u91cb\u51fa\u66f4\u65b0\u7a0b\u5f0f\uff0c\u8acb\u5404\u6a5f\u95dc\u806f\u7d61\u8a2d\u5099\u7dad\u8b77\u5ee0\u5546\u9032\u884c\u7248\u672c\u78ba\u8a8d\u4e26\u66f4\u65b0\uff0c\u5176\u4e2dJava 8\u74b0\u5883\u8acb\u66f4\u65b0\u81f3Log4j 2.17.0\u6216\u4e4b\u5f8c\u7248\u672c\u3001Java 7\u74b0\u5883\u8acb\u66f4\u65b0\u81f3Log4j 2.12.3\u6216\u4e4b\u5f8c\u7248\u672c\u3001Java 6\u74b0\u5883\u8acb\u66f4\u65b0\u81f3Log4j 2.3.1\u6216\u4e4b\u5f8c\u7248\u672c\uff1a<\/p>\n

https:\/\/logging.apache.org\/log4j\/2.x\/security.html<\/p>\n

2.\u6f0f\u6d1e\u4fee\u88dc\u524d\uff0c\u4ea6\u53ef\u900f\u904e\u4ee5\u4e0b\u6b65\u9a5f\u505c\u7528JNDI Lookup\u529f\u80fd\uff0c\u4ee5\u7de9\u89e3\u6b64\u6f0f\u6d1e<\/p>\n

(1)\u91dd\u5c0dlog4j\u7248\u672c>=2.10\u7684\u7cfb\u7d71<\/p>\n

A.\u8acb\u8a2d\u5b9a\u5c6c\u6027\u300clog4j2.formatMsgNoLookups=true\u300d\u3002<\/p>\n

B.\u8acb\u8a2d\u5b9a\u74b0\u5883\u8b8a\u6578\u300cLOG4J_FORMAT_MSG_NO_LOOKUPS=true\u300d\u3002<\/p>\n

(2)\u91dd\u5c0dlog4j\u7248\u672c\u70ba2.0-beta9\u52302.10.0\u7684\u7cfb\u7d71<\/p>\n

\u8acb\u81ea\u985e\u5225\u8def\u5f91(class path)\u4e2d\u79fb\u9664JndiLookup.class\u3002\u5982\u57f7\u884c\u4e0b\u5217\u6307\u4ee4\uff0c\u4ee5\u81ealog4j-core\u4e2d\u79fb\u9664\u8a72\u985e\u5225\uff1a<\/p>\n

\u300czip -q -d log4j-core-*.jar […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[6],"tags":[],"_links":{"self":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/25338"}],"collection":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/comments?post=25338"}],"version-history":[{"count":0,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/posts\/25338\/revisions"}],"wp:attachment":[{"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/media?parent=25338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/categories?post=25338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webnas.bhes.ntpc.edu.tw\/wordpress\/wp-json\/wp\/v2\/tags?post=25338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}