Proposal: Case Study on Log4Shell (CVE-2021-44228)

[purnaadithya]

Description:

We propose to create a secure coding case study on the Log4Shell vulnerability (CVE-2021-44228) in Apache Log4j.

This vulnerability allowed attackers to execute remote code by sending specially crafted input that gets logged by an application.

It is an important case because it affected many systems and highlights how unsafe logging features can lead to serious security issues.

This vulnerability is associated with CWE-917 and CWE-74.

Team Members:

• Purna Adithya Akula (G01588237)
• Veera Venkata Satya Siddhartha Gopalam (G01551529)

We plan to proceed with this case study unless there are objections.

[abuttner]

Looks good. Make sure you focus on the coding mistake made by the developers, and then show how that coding mistake was exploitable and what was done to correct it.

[abuttner]

Note that your classmate Dhaanya Sai Garapati has proposed the same case study. Please figure out if you are focusing on different weaknesses, or if you should combine your efforts.

[david-a-wheeler]

Sorry issue #61 was first. If they're willing to swap, great! Otherwise you need to pick something different.