{"id":477869,"date":"2023-08-09T09:21:36","date_gmt":"2023-08-09T09:21:36","guid":{"rendered":""},"modified":"2023-09-05T11:15:35","modified_gmt":"2023-09-05T11:15:35","slug":"log4shell","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/log4shell\/","title":{"rendered":"\u30ed\u30b04\u30b7\u30a7\u30eb"},"content":{"rendered":"<p>Log4Shell \u306f\u30012021 \u5e74\u5f8c\u534a\u306b\u51fa\u73fe\u3057\u3001\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u754c\u3092\u63fa\u308b\u304c\u3057\u305f\u91cd\u5927\u306a\u8106\u5f31\u6027\u3067\u3059\u3002\u5e83\u304f\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u30ed\u30b0 \u30e9\u30a4\u30d6\u30e9\u30ea Apache Log4j \u306e\u6b20\u9665\u3092\u60aa\u7528\u3057\u3001\u653b\u6483\u8005\u304c\u8106\u5f31\u306a\u30b7\u30b9\u30c6\u30e0\u3067\u30ea\u30e2\u30fc\u30c8 \u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3067\u304d\u308b\u3088\u3046\u306b\u3057\u307e\u3059\u3002\u3053\u306e\u8106\u5f31\u6027\u306e\u6df1\u523b\u5ea6\u306b\u3088\u308a\u3001CVSS (Common Vulnerability Scoring System) \u8a55\u4fa1\u3067\u306f\u6700\u9ad8\u30b9\u30b3\u30a2\u306e\u300c10.0\u300d\u304c\u4ed8\u3051\u3089\u308c\u3001\u5e83\u7bc4\u56f2\u306b\u308f\u305f\u308b\u58ca\u6ec5\u7684\u306a\u88ab\u5bb3\u3092\u5f15\u304d\u8d77\u3053\u3059\u53ef\u80fd\u6027\u304c\u3042\u308b\u3053\u3068\u304c\u793a\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<h2>Log4Shell \u306e\u8d77\u6e90\u3068\u305d\u306e\u6700\u521d\u306e\u8a00\u53ca\u306e\u6b74\u53f2\u3002<\/h2>\n<p>Log4Shell \u306e\u8d77\u6e90\u306f\u3001\u3055\u307e\u3056\u307e\u306a Java \u30d9\u30fc\u30b9\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3067\u4f7f\u7528\u3055\u308c\u3066\u3044\u308b\u4eba\u6c17\u306e\u30aa\u30fc\u30d7\u30f3\u30bd\u30fc\u30b9 \u30ed\u30ae\u30f3\u30b0 \u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3067\u3042\u308b Apache Log4j \u306e\u4f5c\u6210\u306b\u307e\u3067\u9061\u308a\u307e\u3059\u30022021 \u5e74\u5f8c\u534a\u3001\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u306f Log4j \u306b\u91cd\u5927\u306a\u8106\u5f31\u6027\u3092\u767a\u898b\u3057\u307e\u3057\u305f\u3002\u3053\u306e\u8106\u5f31\u6027\u306b\u3088\u308a\u3001\u653b\u6483\u8005\u306f\u30ed\u30ae\u30f3\u30b0 \u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u901a\u3058\u3066\u30b7\u30b9\u30c6\u30e0\u306b\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u633f\u5165\u3067\u304d\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002Log4Shell \u304c\u521d\u3081\u3066\u516c\u306b\u8a00\u53ca\u3055\u308c\u305f\u306e\u306f\u3001\u30ab\u30fc\u30cd\u30ae\u30fc\u30e1\u30ed\u30f3\u5927\u5b66\u306e CERT \u30b3\u30fc\u30c7\u30a3\u30cd\u30fc\u30b7\u30e7\u30f3 \u30bb\u30f3\u30bf\u30fc\u304c 2021 \u5e74 12 \u6708 9 \u65e5\u306b\u8106\u5f31\u6027\u30ce\u30fc\u30c8 (CVE-2021-44228) \u3092\u516c\u958b\u3057\u305f\u3068\u304d\u3067\u3057\u305f\u3002<\/p>\n<h2>Log4Shell \u306b\u95a2\u3059\u308b\u8a73\u7d30\u60c5\u5831\u3002\u30c8\u30d4\u30c3\u30af Log4Shell \u3092\u62e1\u5f35\u3057\u307e\u3059\u3002<\/h2>\n<p>Log4Shell \u306e\u5f71\u97ff\u306f Apache Log4j \u3060\u3051\u306b\u3068\u3069\u307e\u3089\u305a\u3001\u591a\u6570\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3084\u88fd\u54c1\u304c\u3053\u306e\u30e9\u30a4\u30d6\u30e9\u30ea\u3092\u7d71\u5408\u3057\u3001\u8106\u5f31\u6027\u306e\u5f71\u97ff\u3092\u53d7\u3051\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002\u3053\u306e\u6b20\u9665\u306f\u3001Log4j \u304c\u30e6\u30fc\u30b6\u30fc\u63d0\u4f9b\u30c7\u30fc\u30bf\u3092\u542b\u3080\u30ed\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u51e6\u7406\u3059\u308b\u65b9\u6cd5\u3001\u5177\u4f53\u7684\u306b\u306f\u74b0\u5883\u5909\u6570\u3092\u53c2\u7167\u3059\u308b\u300c\u30eb\u30c3\u30af\u30a2\u30c3\u30d7\u300d\u6a5f\u80fd\u3092\u4f7f\u7528\u3059\u308b\u65b9\u6cd5\u306b\u5b58\u5728\u3057\u307e\u3059\u3002<\/p>\n<p>\u60aa\u610f\u306e\u3042\u308b\u653b\u6483\u8005\u304c\u3001\u64cd\u4f5c\u3055\u308c\u305f\u30eb\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u4f7f\u7528\u3057\u3066\u7279\u5225\u306b\u7d30\u5de5\u3055\u308c\u305f\u30ed\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u4f5c\u6210\u3059\u308b\u3068\u3001\u30ea\u30e2\u30fc\u30c8 \u30b3\u30fc\u30c9\u5b9f\u884c\u304c\u30c8\u30ea\u30ac\u30fc\u3055\u308c\u307e\u3059\u3002\u653b\u6483\u8005\u306f Log4Shell \u3092\u60aa\u7528\u3057\u3066\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u53d6\u5f97\u3057\u3001\u6a5f\u5bc6\u30c7\u30fc\u30bf\u3092\u76d7\u307f\u3001\u30b5\u30fc\u30d3\u30b9\u3092\u59a8\u5bb3\u3057\u3001\u3055\u3089\u306b\u306f\u6a19\u7684\u306e\u30b7\u30b9\u30c6\u30e0\u3092\u5b8c\u5168\u306b\u5236\u5fa1\u3059\u308b\u3053\u3068\u3055\u3048\u3067\u304d\u308b\u305f\u3081\u3001\u3053\u308c\u306f\u91cd\u5927\u306a\u8105\u5a01\u3068\u306a\u308a\u307e\u3059\u3002<\/p>\n<h2>Log4Shell \u306e\u5185\u90e8\u69cb\u9020\u3002Log4Shell \u306e\u52d5\u4f5c\u65b9\u6cd5\u3002<\/h2>\n<p>Log4Shell \u306f\u3001\u8106\u5f31\u306a\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u74b0\u5883\u5909\u6570\u306e\u30eb\u30c3\u30af\u30a2\u30c3\u30d7 \u30bd\u30fc\u30b9\u3068\u3057\u3066\u6307\u5b9a\u3059\u308b\u3053\u3068\u3067\u3001Log4j \u306e\u300c\u30eb\u30c3\u30af\u30a2\u30c3\u30d7\u300d\u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u60aa\u7528\u3057\u307e\u3059\u3002\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u60aa\u610f\u306e\u3042\u308b\u30ed\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u53d7\u4fe1\u3059\u308b\u3068\u3001\u53c2\u7167\u3055\u308c\u3066\u3044\u308b\u74b0\u5883\u5909\u6570\u3092\u89e3\u6790\u3057\u3066\u89e3\u6c7a\u3057\u3088\u3046\u3068\u3057\u3001\u77e5\u3089\u306a\u3044\u3046\u3061\u306b\u653b\u6483\u8005\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n<p>Log4Shell \u306e\u30d7\u30ed\u30bb\u30b9\u3092\u8996\u899a\u5316\u3059\u308b\u306b\u306f\u3001\u6b21\u306e\u30b7\u30fc\u30b1\u30f3\u30b9\u3092\u691c\u8a0e\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<ol>\n<li>\u653b\u6483\u8005\u306f\u3001\u64cd\u4f5c\u3055\u308c\u305f\u30eb\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u542b\u3080\u60aa\u610f\u306e\u3042\u308b\u30ed\u30b0 \u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002<\/li>\n<li>\u8106\u5f31\u306a\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306f Log4j \u3092\u4f7f\u7528\u3057\u3066\u30e1\u30c3\u30bb\u30fc\u30b8\u3092\u30ed\u30b0\u306b\u8a18\u9332\u3057\u3001\u30eb\u30c3\u30af\u30a2\u30c3\u30d7 \u30e1\u30ab\u30cb\u30ba\u30e0\u3092\u30c8\u30ea\u30ac\u30fc\u3057\u307e\u3059\u3002<\/li>\n<li>Log4j \u306f\u30eb\u30c3\u30af\u30a2\u30c3\u30d7\u3092\u89e3\u6c7a\u3057\u3088\u3046\u3068\u3057\u3001\u653b\u6483\u8005\u306e\u30b3\u30fc\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/li>\n<li>\u30ea\u30e2\u30fc\u30c8 \u30b3\u30fc\u30c9\u5b9f\u884c\u304c\u767a\u751f\u3057\u3001\u653b\u6483\u8005\u306b\u4e0d\u6b63\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u307e\u3059\u3002<\/li>\n<\/ol>\n<h2>Log4Shell \u306e\u4e3b\u8981\u6a5f\u80fd\u306e\u5206\u6790\u3002<\/h2>\n<p>Log4Shell \u306e\u975e\u5e38\u306b\u5371\u967a\u306a\u8106\u5f31\u6027\u3068\u306a\u308b\u4e3b\u306a\u7279\u5fb4\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n<ol>\n<li><strong>\u9ad8\u3044CVSS\u30b9\u30b3\u30a2<\/strong>Log4Shell \u306f CVSS \u30b9\u30b3\u30a2 10.0 \u3092\u7372\u5f97\u3057\u3001\u305d\u306e\u91cd\u5927\u6027\u3068\u5e83\u7bc4\u56f2\u306b\u308f\u305f\u308b\u88ab\u5bb3\u306e\u53ef\u80fd\u6027\u3092\u6d6e\u304d\u5f6b\u308a\u306b\u3057\u307e\u3057\u305f\u3002<\/li>\n<li><strong>\u5e83\u7bc4\u56f2\u306b\u308f\u305f\u308b\u5f71\u97ff<\/strong>: Apache Log4j \u306e\u4eba\u6c17\u306b\u3088\u308a\u3001Web \u30b5\u30fc\u30d0\u30fc\u3001\u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3001\u30af\u30e9\u30a6\u30c9 \u30b5\u30fc\u30d3\u30b9\u306a\u3069\u3001\u4e16\u754c\u4e2d\u306e\u4f55\u767e\u4e07\u3082\u306e\u30b7\u30b9\u30c6\u30e0\u304c\u8106\u5f31\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/li>\n<li><strong>\u6025\u901f\u306a\u643e\u53d6<\/strong>\u30b5\u30a4\u30d0\u30fc\u72af\u7f6a\u8005\u306f\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u305f\u3081\u306b\u3059\u3050\u306b\u9069\u5fdc\u3057\u305f\u305f\u3081\u3001\u7d44\u7e54\u306f\u30b7\u30b9\u30c6\u30e0\u306b\u901f\u3084\u304b\u306b\u30d1\u30c3\u30c1\u3092\u9069\u7528\u3059\u308b\u3053\u3068\u304c\u6025\u52d9\u3068\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/li>\n<li><strong>\u30af\u30ed\u30b9\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0<\/strong>Log4j \u306f\u30af\u30ed\u30b9\u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u3067\u3042\u308b\u305f\u3081\u3001\u3053\u306e\u8106\u5f31\u6027\u306f Windows\u3001Linux\u3001macOS \u3092\u542b\u3080\u3055\u307e\u3056\u307e\u306a\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0 \u30b7\u30b9\u30c6\u30e0\u306b\u5f71\u97ff\u3092\u4e0e\u3048\u307e\u3059\u3002<\/li>\n<li><strong>\u9045\u5ef6\u30d1\u30c3\u30c1\u9069\u7528<\/strong>\u4e00\u90e8\u306e\u7d44\u7e54\u3067\u306f\u3001\u30d1\u30c3\u30c1\u3092\u8fc5\u901f\u306b\u9069\u7528\u3059\u308b\u3053\u3068\u304c\u56f0\u96e3\u3067\u3001\u30b7\u30b9\u30c6\u30e0\u304c\u9577\u671f\u9593\u306b\u308f\u305f\u3063\u3066\u7121\u9632\u5099\u306a\u72b6\u614b\u306e\u307e\u307e\u306b\u306a\u3063\u3066\u3044\u307e\u3057\u305f\u3002<\/li>\n<\/ol>\n<h2>Log4Shell\u306e\u7a2e\u985e<\/h2>\n<p>Log4Shell \u306f\u3001\u5f71\u97ff\u3092\u53d7\u3051\u308b\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3068\u30b7\u30b9\u30c6\u30e0\u306e\u7a2e\u985e\u306b\u57fa\u3065\u3044\u3066\u5206\u985e\u3067\u304d\u307e\u3059\u3002\u4e3b\u306a\u7a2e\u985e\u306f\u6b21\u306e\u3068\u304a\u308a\u3067\u3059\u3002<\/p>\n<table>\n<thead>\n<tr>\n<th>\u30bf\u30a4\u30d7<\/th>\n<th>\u8aac\u660e<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\u30a6\u30a7\u30d6\u30b5\u30fc\u30d0\u30fc<\/td>\n<td>\u8106\u5f31\u306a Web \u30b5\u30fc\u30d0\u30fc\u304c\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306b\u516c\u958b\u3055\u308c\u3001\u30ea\u30e2\u30fc\u30c8 \u30b3\u30fc\u30c9\u5b9f\u884c\u304c\u53ef\u80fd\u306b\u306a\u308a\u307e\u3059\u3002<\/td>\n<\/tr>\n<tr>\n<td>\u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba\u30a2\u30d7\u30ea<\/td>\n<td>Log4j \u3092\u5229\u7528\u3057\u3001\u60aa\u7528\u3055\u308c\u308b\u53ef\u80fd\u6027\u306e\u3042\u308b Java \u30d9\u30fc\u30b9\u306e\u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3002<\/td>\n<\/tr>\n<tr>\n<td>\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9<\/td>\n<td>\u30af\u30e9\u30a6\u30c9 \u30d7\u30e9\u30c3\u30c8\u30d5\u30a9\u30fc\u30e0\u306f Log4j \u3092\u4f7f\u7528\u3057\u3066 Java \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u5b9f\u884c\u3059\u308b\u305f\u3081\u3001\u30ea\u30b9\u30af\u306b\u3055\u3089\u3055\u308c\u307e\u3059\u3002<\/td>\n<\/tr>\n<tr>\n<td>IoT\u30c7\u30d0\u30a4\u30b9<\/td>\n<td>Log4j \u3092\u5229\u7528\u3059\u308b\u30e2\u30ce\u306e\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8 (IoT) \u30c7\u30d0\u30a4\u30b9\u306f\u3001\u30ea\u30e2\u30fc\u30c8\u653b\u6483\u306b\u3064\u306a\u304c\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Log4Shell \u306e\u4f7f\u3044\u65b9\u3001\u4f7f\u7528\u4e0a\u306e\u554f\u984c\u3068\u305d\u306e\u89e3\u6c7a\u7b56\u3002<\/h2>\n<p><strong>Log4Shell \u306e\u4f7f\u7528\u65b9\u6cd5:<\/strong><\/p>\n<ul>\n<li>\u516c\u958b\u3055\u308c\u305f Web \u30b5\u30fc\u30d0\u30fc\u3092\u60aa\u7528\u3057\u3066\u6a5f\u5bc6\u30c7\u30fc\u30bf\u3092\u4fb5\u5bb3\u3057\u305f\u308a\u3001\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3057\u305f\u308a\u3057\u307e\u3059\u3002<\/li>\n<li>\u8106\u5f31\u306a\u30a8\u30f3\u30bf\u30fc\u30d7\u30e9\u30a4\u30ba \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u901a\u3058\u3066\u4f01\u696d\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u4fb5\u5165\u3059\u308b\u3002<\/li>\n<li>\u30af\u30e9\u30a6\u30c9 \u30b5\u30fc\u30d3\u30b9\u3092\u5236\u5fa1\u3057\u3001DDoS \u653b\u6483\u3092\u958b\u59cb\u3057\u307e\u3059\u3002<\/li>\n<li>IoT \u30c7\u30d0\u30a4\u30b9\u3092\u60aa\u7528\u3057\u3066\u30dc\u30c3\u30c8\u30cd\u30c3\u30c8\u3092\u4f5c\u6210\u3057\u3001\u3088\u308a\u5927\u898f\u6a21\u306a\u653b\u6483\u3092\u884c\u3046\u3002<\/li>\n<\/ul>\n<p><strong>\u554f\u984c\u3068\u89e3\u6c7a\u7b56:<\/strong><\/p>\n<ul>\n<li>\u30d1\u30c3\u30c1\u9069\u7528\u306e\u9045\u308c: \u8907\u96d1\u306a\u30a4\u30f3\u30d5\u30e9\u30b9\u30c8\u30e9\u30af\u30c1\u30e3\u3068\u4f9d\u5b58\u95a2\u4fc2\u306e\u305f\u3081\u3001\u4e00\u90e8\u306e\u7d44\u7e54\u3067\u306f\u30d1\u30c3\u30c1\u3092\u8fc5\u901f\u306b\u9069\u7528\u3059\u308b\u306e\u306b\u82e6\u52b4\u3057\u3066\u3044\u307e\u3059\u3002\u89e3\u6c7a\u7b56\u306f\u3001\u30d1\u30c3\u30c1\u7ba1\u7406\u3092\u512a\u5148\u3057\u3001\u53ef\u80fd\u306a\u5834\u5408\u306f\u66f4\u65b0\u3092\u81ea\u52d5\u5316\u3059\u308b\u3053\u3068\u3067\u3059\u3002<\/li>\n<li>\u4e0d\u5b8c\u5168\u306a\u8a8d\u8b58: \u3059\u3079\u3066\u306e\u7d44\u7e54\u304c Log4j \u306e\u4f9d\u5b58\u95a2\u4fc2\u3092\u8a8d\u8b58\u3057\u3066\u3044\u308b\u308f\u3051\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u3002\u5b9a\u671f\u7684\u306a\u76e3\u67fb\u3068\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u8a55\u4fa1\u306f\u3001\u8106\u5f31\u306a\u30b7\u30b9\u30c6\u30e0\u3092\u7279\u5b9a\u3059\u308b\u306e\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002<\/li>\n<li>\u30ec\u30ac\u30b7\u30fc \u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3: \u53e4\u3044\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u306f\u3001\u53e4\u304f\u306a\u3063\u305f\u4f9d\u5b58\u95a2\u4fc2\u304c\u3042\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u7d44\u7e54\u306f\u3001\u30d1\u30c3\u30c1\u9069\u7528\u304c\u53ef\u80fd\u306b\u306a\u308b\u307e\u3067\u3001\u65b0\u3057\u3044\u30d0\u30fc\u30b8\u30e7\u30f3\u3078\u306e\u30a2\u30c3\u30d7\u30b0\u30ec\u30fc\u30c9\u307e\u305f\u306f\u56de\u907f\u7b56\u306e\u9069\u7528\u3092\u691c\u8a0e\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002<\/li>\n<\/ul>\n<h2>\u4e3b\u306a\u7279\u5fb4\u3084\u305d\u306e\u4ed6\u306e\u985e\u4f3c\u7528\u8a9e\u3068\u306e\u6bd4\u8f03\u3092\u8868\u3084\u30ea\u30b9\u30c8\u306e\u5f62\u5f0f\u3067\u793a\u3057\u307e\u3059\u3002<\/h2>\n<p><strong>Log4Shell \u306e\u4e3b\u306a\u7279\u5fb4:<\/strong><\/p>\n<ul>\n<li>\u8106\u5f31\u306a\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2: Apache Log4j 2.x \u30d0\u30fc\u30b8\u30e7\u30f3 (2.15.0 \u307e\u3067) \u304c\u5f71\u97ff\u3092\u53d7\u3051\u307e\u3059\u3002<\/li>\n<li>CVSS \u30b9\u30b3\u30a2: 10.0 (\u91cd\u5927)<\/li>\n<li>\u60aa\u7528\u30d9\u30af\u30c8\u30eb: \u30ea\u30e2\u30fc\u30c8<\/li>\n<li>\u653b\u6483\u306e\u8907\u96d1\u3055: \u4f4e<\/li>\n<li>\u8a8d\u8a3c\u304c\u5fc5\u8981: \u3044\u3044\u3048<\/li>\n<\/ul>\n<p><strong>\u985e\u4f3c\u306e\u7528\u8a9e\u3068\u306e\u6bd4\u8f03:<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>\u8106\u5f31\u6027<\/th>\n<th>CVSS\u30b9\u30b3\u30a2<\/th>\n<th>\u643e\u53d6\u30d9\u30af\u30c8\u30eb<\/th>\n<th>\u653b\u6483\u306e\u8907\u96d1\u3055<\/th>\n<th>\u8a8d\u8a3c\u304c\u5fc5\u8981\u3067\u3059<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>\u30ed\u30b04\u30b7\u30a7\u30eb<\/td>\n<td>10.0<\/td>\n<td>\u30ea\u30e2\u30fc\u30c8<\/td>\n<td>\u4f4e\u3044<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<\/tr>\n<tr>\n<td>\u30cf\u30fc\u30c8\u30d6\u30ea\u30fc\u30c9<\/td>\n<td>9.4<\/td>\n<td>\u30ea\u30e2\u30fc\u30c8<\/td>\n<td>\u4f4e\u3044<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<\/tr>\n<tr>\n<td>\u7832\u5f3e\u30b7\u30e7\u30c3\u30af<\/td>\n<td>10.0<\/td>\n<td>\u30ea\u30e2\u30fc\u30c8<\/td>\n<td>\u4f4e\u3044<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<\/tr>\n<tr>\n<td>\u30b9\u30da\u30af\u30bf\u30fc<\/td>\n<td>5.6<\/td>\n<td>\u30ed\u30fc\u30ab\u30eb\/\u30ea\u30e2\u30fc\u30c8<\/td>\n<td>\u4f4e\u3044<\/td>\n<td>\u3044\u3044\u3048<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Log4Shell \u306b\u95a2\u9023\u3059\u308b\u5c06\u6765\u306e\u5c55\u671b\u3068\u6280\u8853\u3002<\/h2>\n<p>Log4Shell \u306e\u8106\u5f31\u6027\u306f\u3001\u696d\u754c\u306b\u3068\u3063\u3066\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3068\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2 \u30b5\u30d7\u30e9\u30a4 \u30c1\u30a7\u30fc\u30f3\u306e\u6574\u5408\u6027\u3092\u512a\u5148\u3059\u3079\u304d\u3068\u3044\u3046\u8b66\u9418\u3068\u306a\u308a\u307e\u3057\u305f\u3002\u305d\u306e\u7d50\u679c\u3001\u4eca\u5f8c\u540c\u69d8\u306e\u554f\u984c\u306b\u53d6\u308a\u7d44\u3080\u305f\u3081\u306e\u3044\u304f\u3064\u304b\u306e\u8996\u70b9\u3068\u30c6\u30af\u30ce\u30ed\u30b8\u304c\u767b\u5834\u3057\u307e\u3057\u305f\u3002<\/p>\n<ol>\n<li><strong>\u5f37\u5316\u3055\u308c\u305f\u30d1\u30c3\u30c1\u7ba1\u7406<\/strong>: \u7d44\u7e54\u306f\u3001\u30bf\u30a4\u30e0\u30ea\u30fc\u306a\u66f4\u65b0\u3092\u4fdd\u8a3c\u3057\u3001Log4Shell \u306a\u3069\u306e\u8106\u5f31\u6027\u3092\u9632\u3050\u305f\u3081\u306b\u3001\u81ea\u52d5\u30d1\u30c3\u30c1\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0\u3092\u5c0e\u5165\u3057\u3066\u3044\u307e\u3059\u3002<\/li>\n<li><strong>\u30b3\u30f3\u30c6\u30ca\u5316\u3068\u30de\u30a4\u30af\u30ed\u30b5\u30fc\u30d3\u30b9<\/strong>Docker \u3084 Kubernetes \u306a\u3069\u306e\u30b3\u30f3\u30c6\u30ca \u30c6\u30af\u30ce\u30ed\u30b8\u30fc\u306b\u3088\u308a\u3001\u5206\u96e2\u3055\u308c\u305f\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u74b0\u5883\u304c\u5b9f\u73fe\u3057\u3001\u8106\u5f31\u6027\u306e\u5f71\u97ff\u304c\u5236\u9650\u3055\u308c\u307e\u3059\u3002<\/li>\n<li><strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u76e3\u67fb\u304a\u3088\u3073\u8a55\u4fa1\u30c4\u30fc\u30eb<\/strong>: \u6f5c\u5728\u7684\u306a\u30ea\u30b9\u30af\u3092\u7279\u5b9a\u3059\u308b\u305f\u3081\u306b\u30bd\u30d5\u30c8\u30a6\u30a7\u30a2\u306e\u4f9d\u5b58\u95a2\u4fc2\u3092\u76e3\u67fb\u304a\u3088\u3073\u8a55\u4fa1\u3059\u308b\u306b\u306f\u3001\u9ad8\u5ea6\u306a\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3 \u30c4\u30fc\u30eb\u304c\u4e0d\u53ef\u6b20\u306b\u306a\u308a\u3064\u3064\u3042\u308a\u307e\u3059\u3002<\/li>\n<li><strong>\u53b3\u683c\u306a\u30e9\u30a4\u30d6\u30e9\u30ea\u30d0\u30fc\u30b8\u30e7\u30f3\u7ba1\u7406<\/strong>: \u958b\u767a\u8005\u306f\u30e9\u30a4\u30d6\u30e9\u30ea\u306e\u4f9d\u5b58\u95a2\u4fc2\u306b\u3064\u3044\u3066\u3088\u308a\u614e\u91cd\u306b\u306a\u308a\u3001\u9069\u5207\u306b\u30e1\u30f3\u30c6\u30ca\u30f3\u30b9\u3055\u308c\u305f\u6700\u65b0\u30d0\u30fc\u30b8\u30e7\u30f3\u306e\u307f\u3092\u9078\u629e\u3057\u307e\u3059\u3002<\/li>\n<li><strong>\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30d0\u30b0\u5831\u5968\u91d1\u30d7\u30ed\u30b0\u30e9\u30e0<\/strong>: \u7d44\u7e54\u306f\u3001\u30b5\u30a4\u30d0\u30fc\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u7814\u7a76\u8005\u304c\u8cac\u4efb\u3092\u6301\u3063\u3066\u8106\u5f31\u6027\u3092\u767a\u898b\u3057\u3066\u5831\u544a\u3059\u308b\u3088\u3046\u5968\u52b1\u3057\u3001\u65e9\u671f\u767a\u898b\u3068\u8efd\u6e1b\u3092\u53ef\u80fd\u306b\u3057\u3066\u3044\u307e\u3059\u3002<\/li>\n<\/ol>\n<h2>\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u3092 Log4Shell \u3067\u4f7f\u7528\u3059\u308b\u65b9\u6cd5\u3001\u307e\u305f\u306f Log4Shell \u306b\u95a2\u9023\u4ed8\u3051\u308b\u65b9\u6cd5\u3002<\/h2>\n<p>\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u3001\u30e6\u30fc\u30b6\u30fc\u3068\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306e\u4ef2\u4ecb\u5f79\u3068\u3057\u3066\u6a5f\u80fd\u3057\u3001\u30b5\u30a4\u30d0\u30fc \u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u5f37\u5316\u3059\u308b\u4e0a\u3067\u91cd\u8981\u306a\u5f79\u5272\u3092\u679c\u305f\u3057\u307e\u3059\u3002\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u81ea\u4f53\u306f Log4Shell \u306b\u5bfe\u3057\u3066\u76f4\u63a5\u8106\u5f31\u3067\u306f\u3042\u308a\u307e\u305b\u3093\u304c\u3001\u9593\u63a5\u7684\u306b\u8106\u5f31\u6027\u306b\u95a2\u9023\u3059\u308b\u30ea\u30b9\u30af\u3092\u8efd\u6e1b\u3059\u308b\u306e\u306b\u5f79\u7acb\u3061\u307e\u3059\u3002<\/p>\n<p><strong>Log4Shell \u7de9\u548c\u306b\u304a\u3051\u308b\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306e\u5f79\u5272:<\/strong><\/p>\n<ol>\n<li><strong>\u30a6\u30a7\u30d6\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0<\/strong>: \u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc\u306f\u60aa\u610f\u306e\u3042\u308b\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u3057\u3066\u30d6\u30ed\u30c3\u30af\u3057\u3001\u653b\u6483\u8005\u304c\u8106\u5f31\u306a Web \u30b5\u30fc\u30d0\u30fc\u306b\u5230\u9054\u3059\u308b\u306e\u3092\u9632\u304e\u307e\u3059\u3002<\/li>\n<li><strong>\u30b3\u30f3\u30c6\u30f3\u30c4\u691c\u67fb<\/strong>: \u30d7\u30ed\u30ad\u30b7\u306f\u3001\u7740\u4fe1\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3068\u767a\u4fe1\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u691c\u67fb\u3057\u3066\u60aa\u610f\u306e\u3042\u308b\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u691c\u51fa\u3057\u3001\u653b\u6483\u306e\u8a66\u307f\u3092\u963b\u6b62\u3067\u304d\u307e\u3059\u3002<\/li>\n<li><strong>SSL\u691c\u67fb<\/strong>: \u30d7\u30ed\u30ad\u30b7\u306f SSL\/TLS \u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u5fa9\u53f7\u5316\u3057\u3066\u691c\u67fb\u3059\u308b\u3053\u3068\u306b\u3088\u308a\u3001\u6697\u53f7\u5316\u3055\u308c\u305f\u63a5\u7d9a\u5185\u306b\u96a0\u3055\u308c\u305f\u60aa\u610f\u306e\u3042\u308b\u30b3\u30fc\u30c9\u3092\u691c\u51fa\u3057\u3066\u30d6\u30ed\u30c3\u30af\u3067\u304d\u307e\u3059\u3002<\/li>\n<li><strong>\u30ad\u30e3\u30c3\u30b7\u30e5\u3068\u5727\u7e2e<\/strong>: \u30d7\u30ed\u30ad\u30b7\u306f\u983b\u7e41\u306b\u30a2\u30af\u30bb\u30b9\u3055\u308c\u308b\u30ea\u30bd\u30fc\u30b9\u3092\u30ad\u30e3\u30c3\u30b7\u30e5\u3067\u304d\u308b\u305f\u3081\u3001\u8106\u5f31\u306a\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u3092\u901a\u904e\u3059\u308b\u30ea\u30af\u30a8\u30b9\u30c8\u306e\u6570\u3092\u6e1b\u3089\u3059\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/li>\n<\/ol>\n<p>OneProxy \u306e\u3088\u3046\u306a\u30d7\u30ed\u30ad\u30b7 \u30b5\u30fc\u30d0\u30fc \u30d7\u30ed\u30d0\u30a4\u30c0\u30fc\u306f\u3001Log4Shell \u56fa\u6709\u306e\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u5bfe\u7b56\u3092\u81ea\u793e\u306e\u30b5\u30fc\u30d3\u30b9\u306b\u7d71\u5408\u3057\u3001\u65b0\u305f\u306a\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u9867\u5ba2\u306e\u5168\u4f53\u7684\u306a\u4fdd\u8b77\u3092\u5f37\u5316\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2>\u95a2\u9023\u30ea\u30f3\u30af<\/h2>\n<p>Log4Shell \u3068\u30b7\u30b9\u30c6\u30e0\u3092\u4fdd\u8b77\u3059\u308b\u65b9\u6cd5\u306e\u8a73\u7d30\u306b\u3064\u3044\u3066\u306f\u3001\u6b21\u306e\u30ea\u30bd\u30fc\u30b9\u3092\u53c2\u7167\u3057\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n<ol>\n<li><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/\" target=\"_new\" rel=\"noopener nofollow\">Apache Log4j \u516c\u5f0f\u30b5\u30a4\u30c8<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_new\" rel=\"noopener nofollow\">NIST \u56fd\u5bb6\u8106\u5f31\u6027\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9 (NVD) \u2013 CVE-2021-44228<\/a><\/li>\n<li><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa21-339a\" target=\"_new\" rel=\"noopener nofollow\">CISA \u2013 \u8b66\u544a (AA21-339A) \u2013 \u76d7\u96e3\u8cc7\u683c\u60c5\u5831\u306e\u5897\u5e45<\/a><\/li>\n<\/ol>\n<p>\u6700\u65b0\u60c5\u5831\u3092\u5165\u624b\u3057\u3001Log4Shell \u306e\u6f5c\u5728\u7684\u306a\u8105\u5a01\u304b\u3089\u30b7\u30b9\u30c6\u30e0\u3092\u4fdd\u8b77\u3057\u307e\u3059\u3002<\/p>","protected":false},"featured_media":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477869","wiki","type-wiki","status-publish","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Log4Shell: Unraveling the Complexities of a Critical Vulnerability<\/mark>","faq_items":[{"question":"What is Log4Shell?","answer":"<p>Log4Shell is a critical vulnerability that emerged in late 2021. It exploits a flaw in the widely used logging library, Apache Log4j, allowing attackers to execute remote code on vulnerable systems.<\/p>"},{"question":"How did Log4Shell originate?","answer":"<p>The vulnerability originated in the Apache Log4j logging framework. It was first publicly mentioned by the CERT Coordination Center at Carnegie Mellon University on December 9, 2021.<\/p>"},{"question":"How does Log4Shell work?","answer":"<p>Log4Shell manipulates the Log4j \"lookup\" feature, injecting malicious code into vulnerable systems through specially crafted log messages. When the application processes these logs, the attacker's code executes, granting unauthorized access.<\/p>"},{"question":"What are the key features of Log4Shell?","answer":"<p>Log4Shell's criticality is highlighted by its CVSS score of 10.0. It impacts millions of systems, including web servers, enterprise apps, and cloud services. Attackers can exploit it to gain control, steal data, and disrupt services.<\/p>"},{"question":"What types of Log4Shell exist?","answer":"<p>Log4Shell can impact web servers, enterprise apps, cloud services, and IoT devices.<\/p>"},{"question":"How can Log4Shell be used, and what are the solutions to related problems?","answer":"<p>Log4Shell can be used to compromise web servers, breach corporate networks, launch DDoS attacks, and create IoT botnets. Solutions include prioritizing patch management, conducting regular security audits, and upgrading legacy applications.<\/p>"},{"question":"What are the main characteristics of Log4Shell, and how does it compare to similar terms?","answer":"<p>Log4Shell is characterized by its high CVSS score, remote exploitation vector, low attack complexity, and no authentication required. It is more critical than terms like Heartbleed, Shellshock, and Spectre.<\/p>"},{"question":"What are the future perspectives and technologies related to Log4Shell?","answer":"<p>The industry emphasizes enhanced patch management, containerization, security auditing tools, library version control, and bug bounty programs to mitigate future vulnerabilities.<\/p>"},{"question":"How can proxy servers be associated with Log4Shell?","answer":"<p>Proxy servers indirectly contribute to Log4Shell mitigation by filtering malicious traffic, inspecting content, decrypting SSL traffic, caching resources, and compressing data.<\/p>"},{"question":"Where can I find more information about Log4Shell?","answer":"<p>For more information, visit the official Apache Log4j website, the NIST National Vulnerability Database (CVE-2021-44228), and CISA's Alert (AA21-339A) on Amplified Stolen Credentials. Stay informed and safeguard your systems against Log4Shell's threats.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/477869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/477869\/revisions"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=477869"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}