| Publisher DOI: | 10.1109/TNSM.2024.3440188 | Title: | The Log4j incident : a comprehensive measurement study of a critical vulnerability | Language: | English | Authors: | Hiesgen, Raphael Nawrocki, Marcin Schmidt, Thomas C.  Wählisch, Matthias |
Keywords: | Internet Security; Critical Vulnerability; Security Measurement | Issue Date: | 7-Aug-2024 | Publisher: | IEEE | Journal or Series Name: | IEEE transactions on network and service management | Volume: | 21 | Issue: | 6 | Startpage: | 5921 | Endpage: | 5934 | Abstract: | On December 10, 2021, Log4Shell was disclosed to the public and was quickly recognized as a most severe vulnerability. It exploits a bug in the wide-spread Log4j library that allows for critical remote-code-execution (RCE). Any service that uses this library and exposes an interface to the Internet is potentially vulnerable. In this paper, we report about a measurement study starting with the day of disclosure. We follow the rush of scanners during the first two months after the disclosure and observe the development of the Log4Shell scans in the subsequent year. Based on traffic data collected at several vantage points we analyze the payloads sent by researchers and attackers. We find that the initial rush of scanners ebbed quickly, but continued in waves throughout 2022. Benign scanners showed interest only in the first days after the disclosure, whereas malicious scanners continue to target the vulnerability.During both periods, a single entity appears responsible for the majority of the malicious activities. |
URI: | https://hdl.handle.net/20.500.12738/19097 | ISSN: | 1932-4537 | Review status: | This version was peer reviewed (peer review) | Institute: | Department Informatik (ehemalig, aufgelöst 10.2025) Fakultät Technik und Informatik (ehemalig, aufgelöst 10.2025) |
Type: | Article |
| Appears in Collections: | Publications without full text |
Show full item record
Add Files to Item
Note about this record
Export
This item is licensed under a Creative Commons License
