Lucene search

K
wallarmlabIvanwallarmWALLARMLAB:060FBB90648BCDE11554492408AE89C8
HistoryDec 10, 2021 - 8:56 p.m.

Log4j 0day mitigation update CVE-2021-44228

2021-12-1020:56:40
Ivanwallarm
lab.wallarm.com
32

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

  • Wallarm has rolled out the update to detect and mitigate CVE-2021-44228.
    • No additional actions are required from the customers
    • Attempts at exploitation will be automatically blocked in a blocking mode
    • When working in a monitoring mode, consider creating a virtual patch

Log4Shell

A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. Read more.

The attack surface is very wide since it’s almost impossible to find any single Java project without the log4j library enabled. It affects internal services and APIs that are based on Java and uses other API and application data to log them.

Wallarm update

Wallarm automatically identifies attempts of the Log4Shell exploitation and logs these attempts in the Wallarm Console. Corresponding changes have been added within two hours after the first information about CVE-2021-44228 has been published.

You can search for the relevant events by using filter by CVE:

Mitigation

When using Wallarm in blocking mode, these attacks will be automatically blocked. No actions are required.

When using a monitoring mode, we suggest creating a virtual patch. Feel free to reach out to [email protected] if you need assistance.

The post Log4j 0day mitigation update CVE-2021-44228 appeared first on Wallarm.

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C