{"id":16809,"date":"2021-12-13T17:52:20","date_gmt":"2021-12-13T08:52:20","guid":{"rendered":"https:\/\/cloud.sakura.ad.jp\/news\/?p=16809"},"modified":"2021-12-20T16:59:34","modified_gmt":"2021-12-20T07:59:34","slug":"apache-log4j-security-vulnerabilities","status":"publish","type":"post","link":"https:\/\/cloud.sakura.ad.jp\/news\/2021\/12\/13\/apache-log4j-security-vulnerabilities\/","title":{"rendered":"Apache Log4j\u306e\u4efb\u610f\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027 (CVE-2021-44228) \u306b\u95a2\u3059\u308b\u304a\u9858\u3044"},"content":{"rendered":"

Java\u3067\u5229\u7528\u3055\u308c\u308b\u30ed\u30ae\u30f3\u30b0\u30e9\u30a4\u30d6\u30e9\u30ea\u306eApache Log4j\u306b\u3066\u4efb\u610f\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\uff08Remote Code Execution, RCE\uff09\u3001\u8106\u5f31\u6027 (CVE-2021-44228) \u304c\u5b58\u5728\u3059\u308b\u3053\u3068\u304c\u5224\u660e\u3044\u305f\u3057\u307e\u3057\u305f\u3002\u30b5\u30fc\u30d0\u5916\u90e8\u304b\u3089\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u3053\u3068\u3067\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n

<\/p>\n

Apache Log4j \u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u306f\u4ee5\u4e0b\u306eURL\u3092\u53c2\u8003\u306b\u3057\u3066\u304f\u3060\u3055\u3044<\/p>\n

\u30fbJPCERT\/CC Apache Log4j\u306e\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\uff08CVE-2021-44228\uff09\u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77<\/a><\/p>\n

\u5bfe\u8c61\u30d0\u30fc\u30b8\u30e7\u30f3<\/h2>\n

\u5bfe\u8c61\u3068\u306a\u308b\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059<\/p>\n

\u30fbApache Log4j 2.15.0 \u3088\u308a\u53e4\u3044\u30d0\u30fc\u30b8\u30e7\u30f3(2\u7cfb\u306e\u307f)<\/p>\n

\u304a\u5ba2\u69d8\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u5185\u3067\u3001\u8a72\u5f53\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306eApache Log4j\u3092\u304a\u4f7f\u3044\u306e\u5834\u5408\u306f\u901f\u3084\u304b\u306b 2.15.0 \u4ee5\u964d\u3078\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002<\/p>\n

2021\u5e7412\u670816\u65e5\u8ffd\u8a18<\/h3>\n

Apache Log4j\u306e\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3(Denial of Service, DoS)\u8106\u5f31\u6027(CVE-2021-45046)\u306b\u3064\u3044\u3066\u8ffd\u52a0\u3067\u767a\u8868\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u4efb\u610f\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3067\u304d\u308b\u8106\u5f31\u6027(CVE-2021-44228)\u304a\u3088\u3073\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3\u8106\u5f31\u6027(CVE-2021-45046)\u306b\u5bfe\u5fdc\u3059\u308b\u305f\u3081\u30012.16.0 \u4ee5\u964d(Java 8\u4ee5\u964d\u3092\u304a\u4f7f\u3044\u306e\u5834\u5408)\u307e\u305f\u306f2.12.2(Java 7\u3092\u304a\u4f7f\u3044\u306e\u5834\u5408)\u3078\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002<\/p>\n

2021\u5e7412\u670820\u65e5\u8ffd\u8a18<\/h3>\n

Apache Log4j 2.16.0\u4ee5\u4e0b\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u3066\u65b0\u305f\u306a\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3\u8106\u5f31\u6027(CVE-2021-45105)\u304c\u767a\u8868\u3055\u308c\u3066\u304a\u308a\u307e\u3059\u3002Java 8\u4ee5\u964d\u3092\u304a\u4f7f\u3044\u306e\u5834\u5408\u306f\u672c\u8106\u5f31\u6027\u306b\u5bfe\u5fdc\u3057\u305f 2.17.0 \u4ee5\u964d\u3078\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002<\/p>\n

Java 7\u3092\u304a\u4f7f\u3044\u306e\u5834\u5408\u306f\u4ee5\u4e0b\u306eURL\u3092\u53c2\u7167\u3057\u3001\u5bfe\u7b56\u3092\u884c\u3063\u3066\u304f\u3060\u3055\u3044\u3002
\nLog4j – Apache Log4j Security Vulnerabilities<\/a><\/p>\n

\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3078\u306e\u5f71\u97ff<\/h2>\n

Apache Log4j \u306f\u30ed\u30b0\u3092\u8a18\u9332\u3059\u308b\u76ee\u7684\u3067\u3001\u69d8\u3005\u306a\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u3067\u5229\u7528\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

Java\u306b\u3088\u3063\u3066\u69cb\u7bc9\u3055\u308c\u3066\u3044\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u3054\u5229\u7528\u306e\u5834\u5408\u3001\u958b\u767a\u5143\u304c\u516c\u958b\u3059\u308b\u60c5\u5831\u3092\u53c2\u7167\u3057\u3001\u5fc5\u8981\u306a\u5bfe\u7b56\u3092\u304a\u9858\u3044\u3057\u307e\u3059\u3002<\/p>\n

\u4ee3\u8868\u7684\u306a\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\uff0f\u63d0\u4f9b\u5143\u306e\u8106\u5f31\u6027\u60c5\u5831<\/h3>\n

\u30fbMinecraft<\/p>\n

Important Message: Security vulnerability in Java Edition | Minecraft<\/a><\/p>\n

\u30fbElastic(Elasticsearch\/logstash\u7b49)<\/p>\n

Apache Log4j2 Remote Code Execution (RCE) Vulnerability – CVE-2021-44228 – ESA-2021-31 – Security Announcements – Discuss the Elastic Stack<\/a><\/p>\n

\u30fbJenkins<\/p>\n

Apache Log4j 2 vulnerability CVE-2021-44228<\/a><\/p>\n

\u30fbMetabase<\/p>\n

ump log4j from 2.14.1 to 2.15.0 (#19309) \u00b7 metabase\/metabase@8bfce98 \u00b7 GitHub<\/a><\/p>\n

\u3055\u304f\u3089\u306e\u30af\u30e9\u30a6\u30c9 \u57fa\u76e4\u30b7\u30b9\u30c6\u30e0\u3078\u306e\u5f71\u97ff<\/h2>\n

\u3055\u304f\u3089\u306e\u30af\u30e9\u30a6\u30c9\u306e\u57fa\u76e4\u30b7\u30b9\u30c6\u30e0(\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u30b7\u30b9\u30c6\u30e0\u306e\u307b\u304b\u3001\u30b3\u30f3\u30c8\u30ed\u30fc\u30eb\u30d1\u30cd\u30eb\u7b49\u306e\u30d5\u30ed\u30f3\u30c8\u30a8\u30f3\u30c9\u30b7\u30b9\u30c6\u30e0\u3082\u542b\u307f\u307e\u3059)\u306b\u304a\u3044\u3066\u3001\u672c\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u308b\u88fd\u54c1\u306f\u4f7f\u7528\u3057\u3066\u304a\u308a\u307e\u305b\u3093\u3002<\/p>\n

\u306a\u304a\u3001\u3055\u304f\u3089\u306e\u30af\u30e9\u30a6\u30c9\u4ee5\u5916\u306e\u5f0a\u793e\u63d0\u4f9b\u5404\u30b5\u30fc\u30d3\u30b9\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066\u306f\u3001\u3010\u91cd\u8981\u3011Apache Log4j \u30e9\u30a4\u30d6\u30e9\u30ea\u306e\u8106\u5f31\u6027\u306b\u304a\u3051\u308b\u5f53\u793e\u30b5\u30fc\u30d3\u30b9\u3078\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066<\/a>\u3092\u53c2\u7167\u304f\u3060\u3055\u3044\u3002<\/p>\n

\u53c2\u8003\u60c5\u5831<\/h2>\n

\u30fb\u3055\u304f\u3089\u306e\u30af\u30e9\u30a6\u30c9\u3067\u63d0\u4f9b\u3059\u308bWAF\u300cSiteGuard Server Edition\u300d\u306b\u3066\u672c\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u60c5\u5831\u304c\u3067\u3066\u304a\u308a\u307e\u3059
\n\u3000Apache Log4j\u306e\u8106\u5f31\u6027\uff08CVE-2021-44228\uff09\u3068\u300cSiteGuard\u30b7\u30ea\u30fc\u30ba\u300d\u306e\u5bfe\u5fdc<\/a><\/p>\n

\u30fbGitHub Restrict LDAP access via JNDI #608 – apache \/ logging-log4j2<\/a><\/p>\n

\u30fb\u7c73LunaSec\u306e\u5831\u544a: RCE 0-day exploit found in log4j2, a popular Java logging package<\/a><\/p>\n

\u30fb\u3055\u304f\u3089\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8 \u3055\u304f\u3089\u306e\u30b5\u30dd\u30fc\u30c8\u60c5\u5831: Minecraft Server(Java\u7248) \u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306e\u304a\u9858\u3044<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Java\u3067\u5229\u7528\u3055\u308c\u308b\u30ed\u30ae\u30f3\u30b0\u30e9\u30a4\u30d6\u30e9\u30ea\u306eApache Log4j\u306b\u3066\u4efb\u610f\u306e\u30ea\u30e2\u30fc\u30c8\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308b\uff08Remote Code Execution, RCE\uff09\u3001\u8106\u5f31\u6027 (CVE-2021-44228) \u304c\u5b58\u5728\u3059\u308b\u3053\u3068\u304c\u5224\u660e\u3044\u305f\u3057\u307e\u3057\u305f\u3002\u30b5\u30fc\u30d0\u5916\u90e8\u304b\u3089\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u3053\u3068\u3067\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n","protected":false},"author":10,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-16809","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts\/16809","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/comments?post=16809"}],"version-history":[{"count":14,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts\/16809\/revisions"}],"predecessor-version":[{"id":16961,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/posts\/16809\/revisions\/16961"}],"wp:attachment":[{"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/media?parent=16809"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/categories?post=16809"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cloud.sakura.ad.jp\/news\/wp-json\/wp\/v2\/tags?post=16809"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}