CVE-2021-45105 Stack Overflow Error due to Recursive Lookups

by | Dec 18, 2021

Reading Time: 2 minutes

Another important Log4j vulnerability, CVE-2021-45105, was discovered. This
vulnerability involves Apache Log4j2 not being able to protect from
infinite recursion in lookup evaluation.

This vulnerability has been fixed in Log4j version 2.17.0 for Java 8 and
up. The easiest way to mitigate this vulnerability is to upgrade Log4j.

The following details have been published at https://logging.apache.org/log4j/2.x/index.html

Deep dive: What is this vulnerability and what kind of attack does this lead to?

This vulnerability enables a Denial of Service attack that happens through the
following steps:

  1. The logging configuration uses a non-default Pattern Layout with a
     Context Lookup (for example, $${ctx:loginId}).
  2. Attackers craft malicious input that reaches the logged context value.
  3. The malicious input causes recursive lookups.
  4. The recursive lookups cause a Denial of Service (DoS) due to a
     StackOverflowError that terminates the attacked process.

Mitigation as suggested by the Log4J team:

  • In PatternLayout in the logging configuration, replace Context Lookups like
    ${ctx:loginId} or $${ctx:loginId} with Thread Context Map patterns (%X,
    %mdc, or %MDC).
  • Otherwise, in the configuration, remove references to Context Lookups like
    ${ctx:loginId} or $${ctx:loginId} where they originate from sources external
    to the application such as HTTP headers or user input.

MDC, or Mapped Diagnostic Context, allows applications to log in scenarios with
multiple threads and multiple simultaneous clients: information for each
individual client is stored in the MDC, which is backed by a ThreadLocal. A
ThreadLocal provides thread-local variables.

Context Lookups like ${ctx:loginId} or $${ctx:loginId} lead to a recursive
call with the right kind of malicious input. Details at https://issues.apache.org/jira/browse/LOG4J2-3230

Mitigating with the AccuKnox open source repo:

Apply mitigations with AccuKnox's open-sourced policy repo for Log4j
vulnerabilities at the following URL: https://github.com/kubearmor/log4j-CVE-2021-44228

The primary approach to mitigation is to block malicious input on older
versions and to follow the mitigations suggested by the Log4j team by
disabling recursive lookups. The best solution is to upgrade Log4j and also
apply the AccuKnox policy templates from the repo at https://github.com/kubearmor/log4j-CVE-2021-44228.
