{"id":11824,"date":"2021-12-13T11:09:42","date_gmt":"2021-12-13T02:09:42","guid":{"rendered":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/?p=11824"},"modified":"2023-10-17T11:40:38","modified_gmt":"2023-10-17T02:40:38","slug":"apache-log4j%e3%81%ae%e4%bb%bb%e6%84%8f%e3%81%ae%e3%82%b3%e3%83%bc%e3%83%89%e5%ae%9f%e8%a1%8c%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7%ef%bc%88cve-2021-44228%ef%bc%89%e3%81%ab%e9%96%a2%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/public\/heads-up\/apache-log4j%e3%81%ae%e4%bb%bb%e6%84%8f%e3%81%ae%e3%82%b3%e3%83%bc%e3%83%89%e5%ae%9f%e8%a1%8c%e3%81%ae%e8%84%86%e5%bc%b1%e6%80%a7%ef%bc%88cve-2021-44228%ef%bc%89%e3%81%ab%e9%96%a2%e3%81%99%e3%82%8b\/","title":{"rendered":"Apache Log4j\u306e\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\uff08CVE-2021-44228\uff09\u306b\u95a2\u3059\u308b\u6ce8\u610f\u559a\u8d77"},"content":{"rendered":"\n

I. \u6982\u8981<\/p>\n

** \u66f4\u65b0: 2022\u5e741\u67084\u65e5\u8a18\u8f09 ******************************************************************************************
\u73fe\u6642\u70b9\u3067\u4e0d\u660e\u306a\u70b9\u3082\u3042\u308b\u3053\u3068\u304b\u3089\u3001\u4eca\u5f8c\u306e\u52d5\u5411\u6b21\u7b2c\u3067\u4e0b\u8a18\u63b2\u8f09\u5185\u5bb9\u3092\u4fee\u6b63\u3001\u66f4\u65b0\u3059\u308b\u4e88\u5b9a\u304c\u3042\u308a\u307e\u3059\u306e\u3067\u3001\u95a2\u9023\u60c5\u5831\u3078\u306e\u6ce8\u8996\u306e\u307b\u304b\u3001\u672c\u6ce8\u610f\u559a\u8d77\u306e\u66f4\u65b0\u5185\u5bb9\u3082\u9010\u6b21\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n

\u6b21\u306e\u66f4\u65b0\u3092\u884c\u3044\u307e\u3057\u305f\u3002
\u8a73\u7d30\u306f\u300cIII. \u5bfe\u7b56\u300d\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n

– Apache Log4j\u306e\u30d0\u30fc\u30b8\u30e7\u30f32.17.1\uff08Java 8\u4ee5\u964d\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u30012.12.4\uff08Java 7\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u53ca\u30732.3.2\uff08Java 6\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f<\/p>\n

****************************************************************************************************************<\/p>\n

Java\u30d9\u30fc\u30b9\u306e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9\u306e\u30ed\u30ae\u30f3\u30b0\u30e9\u30a4\u30d6\u30e9\u30ea\u306eApache Log4j\u306b\u306f\u3001\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\uff08CVE-2021-44228\uff09\u304c\u3042\u308a\u307e\u3059\u3002
Apache Log4j\u304c\u52d5\u4f5c\u3059\u308b\u30b5\u30fc\u30d0\u30fc\u306b\u304a\u3044\u3066\u3001\u9060\u9694\u306e\u7b2c\u4e09\u8005\u304c\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u7d30\u5de5\u3057\u305f\u30c7\u30fc\u30bf\u3092\u9001\u4fe1\u3059\u308b\u3053\u3068\u3067\u3001\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002
\u53c2\u8003\uff1ahttps:\/\/www.jpcert.or.jp\/at\/2021\/at210050.html<\/a><\/p>\n

Apache Log4j Security Vulnerabilities
Fixed in Log4j 2.15.0
https:\/\/logging.apache.org\/log4j\/2.x\/security.html<\/a><\/p>\n

Apache Log4j\u306b\u306fLookup\u3068\u547c\u3070\u308c\u308b\u6a5f\u80fd\u304c\u3042\u308a\u3001\u30ed\u30b0\u3068\u3057\u3066\u8a18\u9332\u3055\u308c\u305f\u6587\u5b57\u5217\u304b\u3089\u3001\u4e00\u90e8\u306e\u6587\u5b57\u5217\u3092\u5909\u6570\u3068\u3057\u3066\u7f6e\u63db\u3057\u307e\u3059\u3002
\u305d\u306e\u5185\u3001JNDI Lookup\u6a5f\u80fd\u304c\u60aa\u7528\u3055\u308c\u308b\u3068\u3001\u9060\u9694\u306e\u7b2c\u4e09\u8005\u304c\u7d30\u5de5\u3057\u305f\u6587\u5b57\u5217\u3092\u9001\u4fe1\u3057\u3001Log4j\u304c\u30ed\u30b0\u3068\u3057\u3066\u8a18\u9332\u3059\u308b\u3053\u3068\u3067\u3001Log4j\u306fLookup\u306b\u3088\u308a\u6307\u5b9a\u3055\u308c\u305f\u901a\u4fe1\u5148\u3082\u3057\u304f\u306f\u5185\u90e8\u30d1\u30b9\u304b\u3089javaclass\u30d5\u30a1\u30a4\u30eb\u3092\u8aad\u307f\u8fbc\u307f\u5b9f\u884c\u3057\u3001\u7d50\u679c\u3068\u3057\u3066\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n

2021\u5e7412\u670811\u65e5\u73fe\u5728\u3001JPCERT\/CC\u306f\u3001\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u5b9f\u8a3c\u30b3\u30fc\u30c9\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u3001\u304a\u3088\u3073\u56fd\u5185\u306b\u3066\u672c\u8106\u5f31\u6027\u306e\u60aa\u7528\u3092\u8a66\u307f\u308b\u901a\u4fe1\u3092\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002
Apache Log4j\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u306f\u3001The Apache Software Foundation\u306a\u3069\u304c\u63d0\u4f9b\u3059\u308b\u6700\u65b0\u306e\u60c5\u5831\u3092\u78ba\u8a8d\u3057\u3001\u30d0\u30fc\u30b8\u30e7\u30f3\u30a2\u30c3\u30d7\u3084\u56de\u907f\u7b56\u306e\u9069\u7528\u306a\u3069\u306e\u5b9f\u65bd\u3092\u691c\u8a0e\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n

\u307e\u305f\u3001Apache Log4j\u3092\u4f7f\u7528\u3059\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306a\u3069\u3067\u3001\u4eca\u5f8c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u304c\u516c\u958b\u3055\u308c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002
\u95a2\u9023\u3059\u308b\u60c5\u5831\u3092\u6ce8\u8996\u3057\u3001\u5fc5\u8981\u306a\u5bfe\u7b56\u3084\u5bfe\u5fdc\u306e\u5b9f\u65bd\u3092\u3054\u691c\u8a0e\u304f\u3060\u3055\u3044\u3002<\/p>\n

** \u66f4\u65b0: 2021\u5e7412\u670813\u65e5\u8ffd\u8a18 *****************************************************************************************
Apache Log4j 1\u7cfb\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u3064\u3044\u3066\u306f\u3001\u7b2c\u4e09\u8005\u304c\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u305f\u3081\u306bLog4j\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308c\u3070\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3068\u306e\u60c5\u5831\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u304c\u3001\u653b\u6483\u3092\u884c\u3046\u305f\u3081\u306b\u306f\u4f55\u3089\u304b\u306e\u65b9\u6cd5\u3067\u4e8b\u524d\u306b\u30b7\u30b9\u30c6\u30e0\u306b\u4e0d\u6b63
\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u3001\u9060\u9694\u304b\u3089\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u305f\u653b\u6483\u306e\u5f71\u97ff\u306f\u53d7\u3051\u307e\u305b\u3093\u3002<\/p>\n

Restrict LDAP access via JNDI #608 Comment
https:\/\/github.com\/apache\/logging-log4j2\/pull\/608#issuecomment-991730650<\/a>
****************************************************************************************************************<\/p>\n


II. \u5bfe\u8c61
\u5bfe\u8c61\u3068\u306a\u308b\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n

– Apache Log4j 2.15.0\u3088\u308a\u524d\u306e2\u7cfb\u306e\u30d0\u30fc\u30b8\u30e7\u30f3<\/p>\n

\u306a\u304a\u3001\u3059\u3067\u306bEnd of Life\u3092\u8fce\u3048\u3066\u3044\u308bApache Log4j 1\u7cfb\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306f\u3001Lookup\u6a5f\u80fd\u304c\u542b\u307e\u308c\u3066\u304a\u3089\u305a\u3001JMS Appender\u304c\u6709\u52b9\u3067\u3082\u30af\u30e9\u30b9\u60c5\u5831\u304c\u30c7\u30b7\u30ea\u30a2\u30e9\u30a4\u30ba\u3055\u308c\u306a\u3044\u305f\u3081\u5f71\u97ff\u3092\u53d7\u3051\u306a\u3044\u3068\u306e\u60c5\u5831\u3092\u78ba\u8a8d\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n

\u307e\u305f\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u30d0\u30fc\u30b8\u30e7\u30f3\u3084\u6761\u4ef6\u306b\u95a2\u3059\u308b\u60c5\u5831\u304c\u5909\u66f4\u3042\u308b\u3044\u306f\u66f4\u65b0\u3055\u308c\u308b\u53ef\u80fd\u6027\u3084\u3001Apache Log4j\u3092\u4f7f\u7528\u3059\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u958b\u767a\u5143\u306a\u3069\u304b\u3089\u60c5\u5831\u304c\u516c\u958b\u3055\u308c\u308b\u53ef\u80fd\u6027\u3082\u3042\u308b\u305f\u3081\u3001\u6700\u65b0\u306e\u60c5\u5831\u306f\u5404\u7d44\u7e54\u304b\u3089\u63d0\u4f9b\u3055\u308c\u308b\u95a2\u9023\u60c5\u5831\u3092\u3054\u78ba\u8a8d\u304f\u3060\u3055\u3044\u3002<\/p>\n


III. \u5bfe\u7b56
The Apache Software Foundation\u304b\u3089\u672c\u8106\u5f31\u6027\u3092\u4fee\u6b63\u3057\u305f\u30d0\u30fc\u30b8\u30e7\u30f3\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u3002
\u901f\u3084\u304b\u306a\u5bfe\u7b56\u306e\u9069\u7528\u5b9f\u65bd\u3092\u3054\u691c\u8a0e\u304f\u3060\u3055\u3044\u3002
\u6b21\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u4ee5\u964d\u3067\u306f\u3001Lookup\u6a5f\u80fd\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u306f\u7121\u52b9\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n

– Apache Log4j 2.15.0<\/p>\n

\u4f7f\u7528\u3059\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306a\u3069\u306b\u3064\u3044\u3066\u95a2\u9023\u60c5\u5831\u3092\u6ce8\u8996\u3057\u3001\u672c\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3053\u3068\u304c\u5224\u660e\u3057\u305f\u5834\u5408\u3082\u3001\u901f\u3084\u304b\u306b\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u306a\u3069\u306e\u5bfe\u5fdc\u3092\u884c\u3046\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n

\u307e\u305f\u3001\u3059\u3067\u306b\u672c\u8106\u5f31\u6027\u306e\u60aa\u7528\u3092\u8a66\u307f\u308b\u901a\u4fe1\u304c\u78ba\u8a8d\u3055\u308c\u3066\u3044\u308b\u3053\u3068\u304b\u3089\u3001\u5bfe\u7b56\u306e\u9069\u7528\u5b9f\u65bd\u3068\u3042\u308f\u305b\u3066\u3001\u4e0d\u5be9\u306a\u30d5\u30a1\u30a4\u30eb\u304a\u3088\u3073\u30d7\u30ed\u30bb\u30b9\u306e\u6709\u7121\u3084\u3001\u901a\u4fe1\u30ed\u30b0\u7b49\u3092\u78ba\u8a8d\u3057\u3001\u653b\u6483\u306e\u6709\u7121\u3092\u78ba\u8a8d\u3059\u308b\u3053\u3068\u3092\u63a8\u5968\u3057\u307e\u3059\u3002<\/p>\n

** \u66f4\u65b0: 2021\u5e7412\u670815\u65e5\u8ffd\u8a18 ********************************************************************************************
The Apache Software Foundation\u306f\u3001Apache Log4j\u306e\u30d0\u30fc\u30b8\u30e7\u30f32.16.0\uff08Java 8\u4ee5\u964d\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u304a\u3088\u30732.12.2\uff08Java 7\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002<\/p>\n

\u7279\u5b9a\u306e\u69cb\u6210\u306b\u304a\u3044\u3066\u4e0d\u6b63\u306aJNDI\u691c\u7d22\u30d1\u30bf\u30fc\u30f3\u3092\u5165\u529b\u5024\u3068\u3059\u308b\u5834\u5408\u306b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3\uff08DoS\uff09\u304c\u751f\u3058\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3053\u3068\u304c\u5224\u660e\u3057\u3001Message Lookup\u6a5f\u80fd\u304c\u524a\u9664\u3055\u308c\u3001JNDI\u3078\u306e\u30a2\u30af\u30bb\u30b9\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u3067\u7121\u52b9\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u3053\u306e\u554f\u984c\u306b\u306fCVE-2021-45046\u304c\u63a1\u756a\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

Apache Log4j Security Vulnerabilities
Fixed in Log4j 2.12.2 (Java 7) and Log4j 2.16.0 (Java 8)
https:\/\/logging.apache.org\/log4j\/2.x\/security.html#log4j-2.16.0<\/a><\/p>\n

\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u306e\u8106\u5f31\u6027\uff08CVE-2021-44228\uff09\u3078\u306e\u5bfe\u7b56\u306b\u52a0\u3048\u3001\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3\u653b\u6483\u306e\u8106\u5f31\u6027\uff08CVE-2021-45046\uff09\u306a\u3069\u306e\u30ea\u30b9\u30af\u306b\u5bfe\u5fdc\u3059\u308b\u305f\u3081\u30012.16.0\u307e\u305f\u306f2.12.2\u3078\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u63a8\u5968\u3057\u307e\u3059\u3002
*********************************************************************************************************************
** \u66f4\u65b0: 2021\u5e7412\u670820\u65e5\u8ffd\u8a18 *********************************************************************************************
CVE-2021-45046\u306e\u5f71\u97ff\u306b\u3064\u3044\u3066\u3001\u4e00\u90e8\u306e\u74b0\u5883\u3067\u306f\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u5b9f\u884c\u306a\u3069\u304c\u53ef\u80fd\u3067\u3042\u308b\u3068\u306e\u60c5\u5831\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u3002
*********************************************************************************************************************
** \u66f4\u65b0: 2021\u5e7412\u670820\u65e5\u8ffd\u8a18 *********************************************************************************************
2021\u5e7412\u670818\u65e5\uff08\u73fe\u5730\u6642\u9593\uff09\u3001The Apache Software Foundation\u306f\u3001Apache Log4j\u306e\u30d0\u30fc\u30b8\u30e7\u30f32.17.0\uff08Java 8\u4ee5\u964d\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002<\/p>\n

\u81ea\u5df1\u53c2\u7167\u306b\u3088\u308b\u5236\u5fa1\u4e0d\u80fd\u306a\u518d\u5e30\u304b\u3089\u4fdd\u8b77\u3055\u308c\u3066\u3044\u306a\u3044\u3053\u3068\u306b\u8d77\u56e0\u3057\u3001Log4j\u306e\u8a2d\u5b9a\u306b\u3088\u3063\u3066\u306f\u5f71\u97ff\u3092\u53d7\u3051\u308b\u30b5\u30fc\u30d3\u30b9\u904b\u7528\u59a8\u5bb3\u653b\u6483\u306e\u8106\u5f31\u6027\uff08CVE-2021-45105\uff09\u304c\u4fee\u6b63\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

Apache Log4j Security Vulnerabilities
Fixed in Log4j 2.17.0 (Java 8)
https:\/\/logging.apache.org\/log4j\/2.x\/security.html#log4j-2.17.0<\/a>
*********************************************************************************************************************
** \u66f4\u65b0: 2021\u5e7412\u670828\u65e5\u8ffd\u8a18 *********************************************************************************************
2021\u5e7412\u670821\u65e5\uff08\u73fe\u5730\u6642\u9593\uff09\u3001The Apache Software Foundation\u306f\u3001Apache Log4j\u306e\u30d0\u30fc\u30b8\u30e7\u30f32.3.1\uff08Java 6\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u53ca\u30732.12.3\uff08Java 7\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002<\/p>\n

Apache Log4j Security Vulnerabilities
Fixed in Log4j 2.17.0 (Java 8), 2.12.3 (Java 7) and 2.3.1 (Java 6)
https:\/\/logging.apache.org\/log4j\/2.x\/security.html#log4j-2.17.0<\/a>
*********************************************************************************************************************
** \u66f4\u65b0: 2022\u5e741\u67084\u65e5\u8ffd\u8a18 ***********************************************************************************************
2021\u5e7412\u670828\u65e5\uff08\u73fe\u5730\u6642\u9593\uff09\u3001The Apache Software Foundation\u306f\u3001Apache Log4j\u306e2.17.1\uff08Java 8\u4ee5\u964d\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u30012.12.4\uff08Java 7\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u53ca\u30732.3.2\uff08Java 6\u306e\u30e6\u30fc\u30b6\u30fc\u5411\u3051\uff09\u3092\u516c\u958b\u3057\u307e\u3057
\u305f\u3002<\/p>\n

Apache Log4j Security Vulnerabilities
Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6)
https:\/\/logging.apache.org\/log4j\/2.x\/security.html#log4j-2.17.1<\/a>
*********************************************************************************************************************<\/p>\n

IV. \u56de\u907f\u7b56
The Apache Software Foundation\u304b\u3089\u3001Log4j\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u306b\u5fdc\u3058\u305f\u56de\u907f\u7b56\u306b\u95a2\u3059\u308b\u60c5\u5831\u304c\u516c\u958b\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n

** \u66f4\u65b0: 2021\u5e7412\u670815\u65e5\u8ffd\u8a18 *********************************************************************************************
The Apache Software Foundation\u3088\u308a\u3001\u4e00\u90e8\u306e\u56de\u907f\u7b56\u306f\u3001\u7279\u5b9a\u306e\u624b\u6cd5\u3092\u7528\u3044\u305f\u653b\u6483\u3092\u56de\u907f\u3059\u308b\u306b\u306f\u4e0d\u5341\u5206\u3067\u3042\u308b\u3053\u3068\u304c\u5224\u660e\u3057\u305f\u3068\u660e\u3089\u304b\u306b\u3057\u3001\u6709\u52b9\u306a\u56de\u907f\u7b56\u3068\u3057\u3066\u3001JndiLookup.class\u3092\u30af\u30e9\u30b9\u30d1\u30b9\u304b\u3089\u524a\u9664\u3059\u308b\u56de\u907f\u7b56\u306e\u5b9f\u65bd\u3092\u547c\u3073\u304b\u3051
\u3066\u3044\u307e\u3059\u3002
**********************************************************************************************************************<\/p>\n

Apache Log4j Security Vulnerabilities
Fixed in Log4j 2.12.2 and Log4j 2.16.0
https:\/\/logging.apache.org\/log4j\/2.x\/security.html<\/p>\n

Log4j\u30d0\u30fc\u30b8\u30e7\u30f32.10\u304a\u3088\u3073\u305d\u308c\u4ee5\u964d
– Log4j\u3092\u5b9f\u884c\u3059\u308bJava\u4eee\u60f3\u30de\u30b7\u30f3\u3092\u8d77\u52d5\u6642\u306b\u300clog4j2.formatMsgNoLookups\u300d\u3068\u3044\u3046JVM\u30d5\u30e9\u30b0\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u6307\u5b9a\u3059\u308b\u3000\u4f8b: -Dlog4j2.formatMsgNoLookups=true
– \u74b0\u5883\u5909\u6570\u300cLOG4J_FORMAT_MSG_NO_LOOKUPS\u300d\u3092\u300ctrue\u300d\u306b\u8a2d\u5b9a\u3059\u308b<\/p>\n

Log4j\u30d0\u30fc\u30b8\u30e7\u30f32.10\u3088\u308a\u524d
– JndiLookup\u30af\u30e9\u30b9\u3092\u30af\u30e9\u30b9\u30d1\u30b9\u304b\u3089\u524a\u9664\u3059\u308b<\/p>\n

\u307e\u305f\u3001\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u653b\u6483\u306e\u5f71\u97ff\u3092\u8efd\u6e1b\u3059\u308b\u305f\u3081\u3001\u30b7\u30b9\u30c6\u30e0\u304b\u3089\u5916\u90e8\u3078\u306e\u63a5\u7d9a\u3092\u5236\u9650\u3059\u308b\u305f\u3081\u306e\u53ef\u80fd\u306a\u9650\u308a\u306e\u30a2\u30af\u30bb\u30b9\u5236\u5fa1\u306e\u898b\u76f4\u3057\u3084\u5f37\u5316\u3082\u3054\u691c\u8a0e\u304f\u3060\u3055\u3044\u3002<\/p>\n


V. \u53c2\u8003\u60c5\u5831
apache \/ logging-log4j2
Restrict LDAP access via JNDI #608
https:\/\/github.com\/apache\/logging-log4j2\/pull\/608<\/a><\/p>\n

The Apache Software Foundation
Lookups
https:\/\/logging.apache.org\/log4j\/2.x\/manual\/lookups.html<\/a><\/p>\n

LunaSec
Log4Shell: RCE 0-day exploit found in log4j2, a popular Java logging package
https:\/\/www.lunasec.io\/docs\/blog\/log4j-zero-day\/<\/a><\/p>\n

SANS ISC InfoSec Forums
RCE in log4j, Log4Shell, or how things can get bad quickly
https:\/\/isc.sans.edu\/forums\/diary\/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly\/28120\/<\/a><\/p>\n

BlueTeam CheatSheet * Log4Shell*
https:\/\/gist.github.com\/SwitHak\/b66db3a06c2955a9cb71a8718970c592<\/a><\/p>\n

** \u66f4\u65b0: 2021\u5e7412\u670813\u65e5\u8ffd\u8a18 *********************************************************************************************
Japan Vulnerability Notes JVNVU#96768815
Apache Log4j\u306b\u304a\u3051\u308b\u4efb\u610f\u306e\u30b3\u30fc\u30c9\u304c\u5b9f\u884c\u53ef\u80fd\u306a\u8106\u5f31\u6027
https:\/\/jvn.jp\/vu\/JVNVU96768815\/<\/a>
********************************************************************************************************************<\/p>\n

** \u66f4\u65b0: 2021\u5e7412\u670820\u65e5\u8ffd\u8a18 *********************************************************************************************
JPCERT\/CC Eyes
Apache Log4j2\u306eRCE\u8106\u5f31\u6027\uff08CVE-2021-44228\uff09\u3092\u72d9\u3046\u653b\u6483\u89b3\u6e2c
https:\/\/blogs.jpcert.or.jp\/ja\/2021\/12\/log4j-cve-2021-44228.html<\/a>
********************************************************************************************************************<\/p>\n

** \u66f4\u65b0: 2021\u5e7412\u670828\u65e5\u8ffd\u8a18 *********************************************************************************************
JPCERT\/CC CyberNewsFlash
2021\u5e7412\u6708\u306b\u516c\u8868\u3055\u308c\u305fLog4j\u306e\u8106\u5f31\u6027\u306b\u3064\u3044\u3066
https:\/\/www.jpcert.or.jp\/newsflash\/2021122401.html<\/a>
********************************************************************************************************************<\/p>\n","protected":false},"excerpt":{"rendered":"

I. \u6982\u8981 ** \u66f4\u65b0: 2022\u5e741\u67084\u65e5\u8a18\u8f09 ************************************************************************************* […]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[5],"tags":[45],"_links":{"self":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/11824"}],"collection":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/comments?post=11824"}],"version-history":[{"count":11,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/11824\/revisions"}],"predecessor-version":[{"id":14998,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/posts\/11824\/revisions\/14998"}],"wp:attachment":[{"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/media?parent=11824"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/categories?post=11824"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.csirt.dendai.ac.jp\/csirt\/wp-json\/wp\/v2\/tags?post=11824"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}