www.cert.govt.nz
Open in
urlscan Pro
45.60.15.134
Public Scan
URL:
https://www.cert.govt.nz/it-specialists/advisories/log4j-rce-0-day-actively-exploited/
Submission Tags: falconsandbox
Submission: On October 29 via api from US — Scanned from NZ
Submission Tags: falconsandbox
Submission: On October 29 via api from US — Scanned from NZ
Form analysis
3 forms found in the DOMhttps://www.cert.govt.nz/search
<form action="https://www.cert.govt.nz/search" role="search" class="searchform--menu">
<div class="searchform--menu-holder"><label for="searchterm" class="sr-only">Enter your search term</label> <input type="search" id="searchterm" name="searchterm" value="" placeholder="Enter your search term" autocapitalize="off" autocomplete="off"
autocorrect="off" data-search-securityid="f00501aba2e2abe492dd6c422063923e5497825a" class="searchform-input"> <button type="submit" aria-label="Search Cert" class="searchform-submitbutton"><span class="sr-only">Search</span></button></div>
</form>
POST /it-specialists/advisories/log4j-rce-0-day-actively-exploited/Cert\Forms\FeedbackForm/
<form id="FeedbackForm_Cert_Forms_FeedbackForm" action="/it-specialists/advisories/log4j-rce-0-day-actively-exploited/Cert\Forms\FeedbackForm/" method="POST" enctype="application/x-www-form-urlencoded" class="feedback-form">
<p id="FeedbackForm_Cert_Forms_FeedbackForm_error" class="message " style="display: none"></p>
<fieldset>
<div id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_Holder" class="field optionsetfieldfeedback feedback-field--rating">
<label class="left">Was this helpful?</label>
<div class="middleColumn">
<ul class="optionsetfieldfeedback feedback-field--rating" id="FeedbackForm_Cert_Forms_FeedbackForm_Rating" aria-label="Rate this page from 1 to 5.">
<li class="odd val1">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_1" class="radio" name="Rating" type="radio" value="1">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_1">1</label>
</li>
<li class="even val2">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_2" class="radio" name="Rating" type="radio" value="2">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_2">2</label>
</li>
<li class="odd val3">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_3" class="radio" name="Rating" type="radio" value="3">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_3">3</label>
</li>
<li class="even val4">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_4" class="radio" name="Rating" type="radio" value="4">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_4">4</label>
</li>
<li class="odd val5">
<input id="FeedbackForm_Cert_Forms_FeedbackForm_Rating_5" class="radio" name="Rating" type="radio" value="5">
<label for="FeedbackForm_Cert_Forms_FeedbackForm_Rating_5">5</label>
</li>
</ul>
</div>
</div>
<div id="FeedbackForm_Cert_Forms_FeedbackForm_Message_Holder" class="field textarea feedback-field--message">
<label class="left" for="FeedbackForm_Cert_Forms_FeedbackForm_Message">Additional feedback</label>
<div class="middleColumn">
<textarea name="Message" class="textarea feedback-field--message" id="FeedbackForm_Cert_Forms_FeedbackForm_Message" placeholder="Please describe" rows="1" cols="20"></textarea>
</div>
</div>
<input type="hidden" name="SecurityID" value="f00501aba2e2abe492dd6c422063923e5497825a" class="hidden" id="FeedbackForm_Cert_Forms_FeedbackForm_SecurityID">
<div class="clear"><!-- --></div>
</fieldset>
<div class="btn-toolbar">
<input type="submit" name="action_submitfeedback" value="Submit" class="action feedback-submit pure-button pure-button--secondary" id="FeedbackForm_Cert_Forms_FeedbackForm_action_submitfeedback">
</div>
</form>
POST /it-specialists/advisories/log4j-rce-0-day-actively-exploited/SubscriptionForm/
<form id="Form_SubscriptionForm" action="/it-specialists/advisories/log4j-rce-0-day-actively-exploited/SubscriptionForm/" method="POST" enctype="application/x-www-form-urlencoded" class="subscription-form">
<p id="Form_SubscriptionForm_error" class="message " style="display: none"></p>
<fieldset>
<legend>Subscribe to updates</legend>
<h2 id="Form_SubscriptionForm_SubscribeTitle">Subscribe to CERTNZ</h2>
<div id="Form_SubscriptionForm_Name_Holder" class="field text">
<label class="left" for="Form_SubscriptionForm_Name">Name</label>
<div class="middleColumn">
<input type="text" name="Name" class="text" id="Form_SubscriptionForm_Name" required="required" aria-required="true" placeholder="e.g. Tim Berners-Lee">
</div>
</div>
<div id="Form_SubscriptionForm_Email_Holder" class="field email text">
<label class="left" for="Form_SubscriptionForm_Email">Email</label>
<div class="middleColumn">
<input type="email" name="Email" class="email text" id="Form_SubscriptionForm_Email" required="required" aria-required="true" placeholder="name@example.co.nz">
</div>
</div>
<p class="subscription-options-intro">Subscribe to</p>
<div id="Form_SubscriptionForm_SubscriptionOption_1_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_1" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_1">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_1">Online security alerts and information for individuals and businesses </label>
<span class="description">Alerts about the latest cyber security threats, plus information to help you or your business stay secure online. </span>
</div>
<div id="Form_SubscriptionForm_SubscriptionOption_4_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_4" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_4">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_4">Technical advisories for cyber security professionals </label>
<span class="description">Advisories and guidance for information security specialists about current cyber security threats, vulnerabilities, and how to mitigate their impact.</span>
</div>
<div id="Form_SubscriptionForm_SubscriptionOption_10_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_10" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_10">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_10">Get Cyber Smart campaign updates</label>
<span class="description">Get Cyber Smart is our awareness campaign for individuals and small to medium businesses. Subscribe to find out about the latest Get Cyber Smart campaigns including our annual Cyber Smart Week event in October. </span>
</div>
<div id="Form_SubscriptionForm_SubscriptionOption_7_Holder" class="field checkbox">
<input type="checkbox" name="SubscriptionOption_7" value="1" class="checkbox" id="Form_SubscriptionForm_SubscriptionOption_7">
<label class="right" for="Form_SubscriptionForm_SubscriptionOption_7">CERT NZ quarterly insights </label>
<span class="description">Our quarterly newsletter provides an update and analysis of the latest reporting numbers along with recent cyber security insights and CERT NZ news.</span>
</div>
<input type="hidden" name="SecurityID" value="f00501aba2e2abe492dd6c422063923e5497825a" class="hidden" id="Form_SubscriptionForm_SecurityID">
<div id="Form_SubscriptionForm_Captcha_Holder" class="field customnocaptcha">
<label class="left" for="Form_SubscriptionForm_Captcha">Spam protection</label>
<div class="middleColumn">
<div class="g-recaptcha" id="Nocaptcha-Form_SubscriptionForm_Captcha" data-sitekey="6LcYO4sdAAAAAIj3j8p4eenV-xpuK9RrIxpNTiRL" data-theme="light" data-type="image" data-size="normal" data-form="Form_SubscriptionForm" data-badge=""
data-widgetid="0">
<div style="width: 304px; height: 78px;">
<div><iframe title="reCAPTCHA" width="304" height="78" role="presentation" name="a-mtcil4tcqemu" frameborder="0" scrolling="no"
sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"
src="https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcYO4sdAAAAAIj3j8p4eenV-xpuK9RrIxpNTiRL&co=aHR0cHM6Ly93d3cuY2VydC5nb3Z0Lm56OjQ0Mw..&hl=en&type=image&v=vm_YDiq1BiI3a8zfbIPZjtF2&theme=light&size=normal&cb=85z8ordn7i0b"></iframe>
</div><textarea id="g-recaptcha-response" name="g-recaptcha-response" class="g-recaptcha-response"
style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
</div><iframe style="display: none;"></iframe>
</div>
<noscript>
<p>You must enable JavaScript to submit this form</p>
</noscript>
</div>
<span class="description">Please tick the box to prove you're a human and help us stop spam.</span>
</div>
<div class="clear"><!-- --></div>
</fieldset>
<div class="btn-toolbar">
<button type="submit" name="action_doSubscribe" value="Subscribe" class="action pure-button subscription-subscribe" id="Form_SubscriptionForm_action_doSubscribe">
<span>Subscribe</span>
</button>
</div>
</form>
Text Content
CYBER SMART WEEK IS COMING! FIND OUT HOW TO BECOME A 2023 SUPPORTER NOW! 23 August 2023 Dismiss Skip to main content Audience selector Select audience Subscribe to updates Follow us on Twitter on Facebook on LinkedIn Enter your search term Search Open menu Return to homepage * Guides * Critical controls * Advisories * News & Events * Report an incident Subscribe to updates Follow us on Twitter on Facebook on LinkedIn 1. Home 2. IT specialists 3. Advisories 4. Log4j RCE 0-day actively exploited ADVISORIES Our advisories highlight current cyber security threats and vulnerabilities in New Zealand, and provide guidance on how to mitigate their impact. Subscribe to our updates above to be notified as soon as we publish an advisory. 12:00pm, 20 December 2021 TLP Rating: Clear LOG4J RCE 0-DAY ACTIVELY EXPLOITED Updated: 12:00pm, 20 December 2021 to provide the latest information on version upgrades, and a new denial of service vulnerability in Log4j Updated: 4.10pm, 15 December 2021 to provide the latest information on version upgrades, mitigations and a new denial of service vulnerability in Log4j. Updated: 3.30pm, 13 December 2021 to provide link to list of related software's vulnerablity status. Updated: 10.30am, 11 December 2021 to provide the latest information on version upgrades to protect from this vulnerability. The widely-used java logging library, Log4j, has an unauthenticated remote code execution (RCE) and denial of service vulnerability if a user-controlled string is logged. This could allow the attacker full control of the affected server or allow an attacker to conduct a denial of service attack. Reports from online users show that this is being actively exploited in the wild and that proof-of-concept code has been published. WHAT'S HAPPENING SYSTEMS AFFECTED Systems and services that use the Java logging library, Apache Log4j between versions 2.0 and 2.15.0 (inclusive) are affected by the remote code execution vulnerability. Those running Apache Log4j between versions 2.0 and 2.16 (inclusive) are affected by a denial of service vulnerability. For more information on the specific configurations see the Apache advisory in the More Information section below. This includes many applications and services written in Java. WHAT TO LOOK FOR HOW TO TELL IF YOU'RE AT RISK Apache Log4j versions between version 2.0 and 2.15.0 (inclusive) are vulnerable to the remote code execution vulnerability. Apache Log4j versions between version 2.0 and 2.16.0 (inclusive) are vulnerable to a denial of service vulnerability. For more information on the specific configurations see the Apache advisory in the More Information section below. HOW TO TELL IF YOU'RE AFFECTED List of software and its vulnerablity status helpfully provided by NCSC-NL Log4j overview of related software External Link The log files for any services using affected Log4j versions will contain user-controlled strings. Rules to help with detection External Link WHAT TO DO PREVENTION Upgrade your Log4j versions to the latest version. The current latest Log4j version is 2.17.1 which fixes both vulnerabilities. Note: this upgrade requires Java 8 or greater. If you cannot upgrade to Java 8 and are running Java 7, Apache have released Log4j 2.12.2 MITIGATION Previously it was reported that setting log4j2.formatMsgNoLookups to true would mitigate the vulnerability but this is no longer this case under all circumstances. This mitigation may still help but is no longer sufficient. Note: this mitigation does not prevent denial of service and will only work for versions 2.10 and above. This mitigation may impact the behaviour of your system’s logging if it relies on Lookups for message formatting. MORE INFORMATION Apache's Log4ji advisory (External Link) External Link Tech Solvency incident overview and reference guide (External Link) External Link NCSC-NL's list of software and vulnerability status (External Link) External Link LunaSec's blog on Log4j (External Link) External Link GitHub's potential rules that allow detection of exploit attempts (External Link) External Link CVE for Log4j RCE vulnerability (External Link) External Link CVE for Log4j DOS vulnerability (External Link) External Link CVE for Log4j 2.16.0 DOS vulnerability (External Link) External Link Mitigating Log4Shell and Other Log4j-Related Vulnerabilities | CISA External Link (External Link) If you require more information or further support, submit a report on our website or contact us on 0800 CERTNZ. For media enquiries, email our media desk at media@mbie.govt.nz or call the MBIE media team on 027 442 2141. Was this helpful? * 1 * 2 * 3 * 4 * 5 Additional feedback FOOTER * About us * Quarterly reports * Contact us * Traffic light protocol * Resources * Phishing Disruption Service™ Follow us on Twitter on Facebook on LinkedIN * © 2023 CERTNZ * Copyright * Disclaimer * Privacy and information statement Te Kāwanatanga o Aotearoa New Zealand Government >GLOSSARY TERM Subscribe to updates SUBSCRIBE TO CERTNZ Name Email Subscribe to Online security alerts and information for individuals and businesses Alerts about the latest cyber security threats, plus information to help you or your business stay secure online. Technical advisories for cyber security professionals Advisories and guidance for information security specialists about current cyber security threats, vulnerabilities, and how to mitigate their impact. Get Cyber Smart campaign updates Get Cyber Smart is our awareness campaign for individuals and small to medium businesses. Subscribe to find out about the latest Get Cyber Smart campaigns including our annual Cyber Smart Week event in October. CERT NZ quarterly insights Our quarterly newsletter provides an update and analysis of the latest reporting numbers along with recent cyber security insights and CERT NZ news. Spam protection You must enable JavaScript to submit this form Please tick the box to prove you're a human and help us stop spam. Subscribe