Apache Log4j’s remote code execution (RCE) vulnerability (CVE-2021-44228) is being broadly exploited as of December 10, 2021, causing large scale intrusions. The vulnerability is extremely harmful that enables remote code executions on systems running vulnerable Log4j versions and allows the attacker full control of the affected server. It can easily affect the default configurations of several Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink and more.
- Vulnerability level: High Risk
- Affected version: 2.0 ≤ Apache Log4j <= 2.14.1
- Security version: Log4j -2.15.0 – rcl
- Security version link: https://github.com/apache/logging-log4j2/releases/tag/log4j-2.15.0-rc2
We recommend that all users of Log4j 2.0 through 2.14.1 should update to version 2.15.0 as soon as possible. If you cannot update version as soon as possible, here are the temporary mitigation steps to help you urgently alleviate and keep you secure:
- Limit outbound access as much as possible
- Modify jvm parameter: -log4j2.formatMsgNoLookups = true
- Modify the configuration: formatMsgNoLookups=True
- System environment variables: set FORMAT_MESSAGES_PATTERN_DISABLE_LOOKUPS to true
CDNetworks security team responded immediately to this high risk vulnerability, and deployed the new WAF rule 9930 for CDNetworks’ systems and products to mitigate the Zero Day CVE on Dec 10th.2021. Any customer who currently is using Application Shield(WAF) or Web Application Firewall will receive updates of new rule 9930 and enable Block Mode on CDNetworks’ portal to detect CVE-2021-44228 exploit attempts and mitigate this Zero Day CVE.