ZLeB̃ghFȂLog4Shell̐ƎiႭj͍Uꑱ̂FInside-Out
2021N12AApache Log4j̐ƎiႭjłLog4Shell̏JꂽB{ełLog4Shell̊TvƁAȂU҂Log4Shellp̂B
̋L͉łBo^ijƑSĂ܂B
{ĹAЃC^[lbgCjVAeBűAuIIJ.news Vol.169v́uZLeB̃gh 2022 Spring@Apache Log4jLog4Shellvi2022N4j]ڂ̂łB̂߁App̓ꃋ[ȂǂAIT̂̂ƈقȂ܂BB
M҃vtB[
kR [v
IIJ ZLeB{ ZLeBIy[V ZLeBIy[VZ^[
SOCAiXgƂāAÓE}EFÁEƎ㐫ȂǂSB
Apache Log4jƂ
@Apache Log4jiȉALog4jj́AvO~ÖłJavaŎgpĂ郉CułBJavaŊJꂽ\tgEFAɂāAOo͋@\܂B
@\tgEFÅJ҂ɂƂ Log4j̎gp͒ԂƂȂĂAŎg邱Ƃ@\̏_ȂǂAJavaAvP[VŎgpĂ܂B
@ႦALog4j`bgAvŎgpĂꍇɂ̓bZ[W̗L^邽߂ɁAWEBT[oŎgpĂꍇɂ̓[UANZXꂽURLL^邽߂ȂǂɎgpĂ܂B
@̂قɂAAvP[VŔG[̏ڍׂȂǂL^邽߂ɗp邱Ƃ܂B
Log4ShellƂ
@Log4ShelliCVE-2021-44228j*́ALog4j ɂă[gCӂ̃R[hsł悤ɂĂ܂Ǝ㐫w܂B̐Ǝ㐫܂Log4jgpĊJꂽ\tgEFÃOɍUR[ho͂ƁA\tgEFAĂRs[^ōU҂Ӑ}sȖ߂sĂ܂܂B
* 2021N129AApache Software FoundatiońAЂ̒Apache Log4j 2̕o[WɃ[gR[hs̐Ǝ㐫iCVE-2021-44228j݂邱Ƃ\B
@ႦA[UANZXꂽURLOɋL^WEBT[ȍꍇAURLɍUR[h܂܂ĂƁAT[oŕsȖ߂s鋰ꂪ܂BsȖ߂̎sɐU҂́ARs[^ɕۑꂽt@C̉ގA}EFÃ_E[hюsȂǂ݂܂B
U҂Log4Shellp闝R
@CVELog4Shell̏JĈȍ~Log4ShellpUϑĂ܂BU҂Log4Shellp闝RƂẮAL3܂B
- UeՂł邽
- Ủe\tgEFA
- Ǝ㐫ւ̑s\Ȋ
@Log4ShellɂẮAƎ㐫ւ̑s\ł߂ɍUĂ܂ႪmFĂ܂B̔wiɂ́ALog4Shell̐Ǝ㐫ƔrāAe͈͂̓肪ł邱Ƃ܂B
@\tgEFA̎gpɂA[UCuӎ邱Ƃ͂܂Ȃ߁Aǂ̃\tgEFALog4jgpĂ邩炩ł͂܂B܂Log4j͑̃\tgEFAŎgpĂ邽߁AVXeǗ҂ӎĂȂӏŎgpĂ邱Ƃ܂B
@̗vALog4Shellւ̑s\ȊcĂAU҂Log4Shell̈pݑĂ̂łB
̑Ή
@Log4ShelĺAe͈͂̓肪łƐ܂B̂߁AgDőȂĂȂ\tgEFA܂邩܂BLog4Shell͂߁AAl̐Ǝ㐫JꂽہAQŏɂ邽߂ɂA߂đgDŎgpĂ\tgEFAmF邱Ƃ߂܂BȊmF́AL3_łB
- \tgEFÄꗗ
- \tgEFÃo[W
- \tgEFÅJEA
@ɃC^[lbgŌJĂT[oœ삷\tgEFȀ́AKcĂ܂傤BƎ㐫JꂽA}ɉe̗LmFłԂɂ܂傤B
@܂AT[oւ̍ÚAIDS^IPSWAFŎՒfEmłꍇ܂B\tgEFȂ}ȃAbvf[gȏꍇ́ÃZLeBfoCX̗pB
@̂قɂAГ݂̂Ŏgp\tgEFAЈ̒[Ŏgp\tgEFAȖΏۂƂȂ\܂B
@WEBuEUA[NCAgA`bgAv̂悤ɃC^[lbgォ瓾悤ȃ\tgEFÁAȖΏۂƂȂ댯܂BЈgpWEBuEUȂǂɐƎ㐫̉eԏꍇɂ́A[ȂǂŒӊNłԂɂ܂傤B
IIJɂł邱
@ł́AEɉe炵Ă Log4j ƂCu̐Ǝ㐫ɂĉ܂Aȇ召ɂ炸AZLeBCVfg͓XĂ܂B
@IIJSOCiZLeBIy[VZ^[jł́A24365Aq܊ŔZLeBCVfg̑ΉɂĂ܂BSOCŊϑZLeBCVfg̏́AɈxAuwizSafe Security SignalvƂāuwizSafe Security SignalvŌJĂ܂BF܂̍̃ZLeB̈ꏕɂȂKłB
Copyright© Digital Advantage Corp. All Rights Reserved.
ڂ̃e[}
ITmedia̓ACeBfBAЂ̓o^WłB