{"uuid": "47882171-8479-44c5-87fc-f7cf7f795119", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-44228", "type": "exploited", "source": "https://t.me/tech_b0lt_Genona/2948", "content": "\u0412 \u0441\u0432\u044f\u0437\u0438 \u0441 \u044d\u0442\u043e\u0439 \u0432\u0441\u0435\u0439 \u044d\u043f\u043e\u043f\u0435\u0435\u0439 \u0441 \u043b\u043e\u0433\u0430\u043c\u0438 \u0432 Java \u043f\u043e\u0434 \u0440\u0430\u0437\u0434\u0430\u0447\u0443 \u043f\u043e\u043f\u0430\u043b logback\n\n\u0417\u0430\u0434\u0430\u0447\u0430\nPossibility of vulnerability\nhttps://jira.qos.ch/browse/LOGBACK-1591\n\n\u0418 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435, \u0433\u0434\u0435 \u0430\u0436 \u0431\u043e\u043b\u044c\u0448\u0438\u043c\u0438 \u043a\u0440\u0430\u0441\u043d\u044b\u043c\u0438 \u0437\u0435\u043b\u0451\u043d\u044b\u043c\u0438 \u0431\u0443\u043a\u0432\u0430\u043c\u0438 \u043d\u0430\u043f\u0438\u0441\u0430\u043b\u0438\n\n> We note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. Please understand that log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels.\n\n\u0418\u0437 \u0442\u0435\u043a\u0441\u0442\u0430 \u0440\u0435\u043b\u0438\u0437\u0430\n\nIn response to LOGBACK-1591, we have disabled all JNDI lookup code in logback until further notice. This impacts ContextJNDISelector and  element in configuration files.\n\nWe note that the vulnerability mentioned in LOGBACK-1591 requires write access to logback's configuration file as a prerequisite. Please understand that log4Shell/CVE-2021-44228 and LOGBACK-1591 are of different severity levels. A successul RCE requires all of the following conditions to be met:\n\n- write access to logback.xml\n- use of versions < 1.2.8\n- reloading of poisoned configuration data, which implies application restart or scan=\"true\" set prior to attack\n\nAs an additional extra precaution, in addition to upgrading to logback version 1.2.8, we also recommend users to set their logback configuration files as read-only.\nhttp://logback.qos.ch/news.html\n\n\u0422\u0430\u043a \u0447\u0442\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u043e\u0439\u0442\u0438 \u0438 \u043b\u0438\u0448\u043d\u0438\u0439 \u0440\u0430\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c \u0432\u0430\u0448 logback \u0438 \u043a\u0430\u043a \u043e\u043d \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f.", "creation_timestamp": "2021-12-15T12:24:08.000000Z"}