[Important] Apache Log4j Security Update Advisory | MONITORAPP

Warm greetings, this is MONITORAPP.

The Apache Software Foundation has released a security update that addresses a vulnerability in Log4j (https://logging.apache.org/log4j) software.

Log4j, where the vulnerability was discovered, is a Java-based open source utility that programs use to write logs.

Since attackers can use this vulnerability to cause damage such as malware infection, users of an affected version should update to the latest version.

■ Affected Version

o Apache Log4j 2
– All versions from 2.0-beta9 through 2.14.1
o Products that use Apache Log4j 2
※ Check the reference site [4] and, if you are using an affected product, apply patches or countermeasures according to the manufacturer's recommendations.

■ Log4j2 Vulnerability Patch

With the update on December 10, 2021, a patch for the vulnerability was provided in Log4j version 2.15.0, available at:
https://logging.apache.org/log4j/2.x/download.html

■ Compensatory Measures for Log4j2 Vulnerabilities

If applying the patch is difficult, take the following temporary measures.

– Versions between Log4j 2.10 and 2.14.1
Change the value of the system property log4j2.formatMsgNoLookups or the environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true.

– Versions between Log4j 2.0-beta9 and 2.10.0
Remove the JndiLookup class like this:
# zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class
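
To see which of the measures above applies to each jar on a host, and to confirm afterwards that the JndiLookup class is really gone, a small audit script helps. This is an added example, not part of the original advisory; it assumes jars keep the upstream file name log4j-core-<version>.jar and that unzip is installed, and its function names and output labels are its own.

```shell
#!/bin/sh
# Added example (not from the advisory): audit log4j-core jars under a directory.
# Assumption: jars keep the upstream file name log4j-core-<version>.jar.
JNDI_CLASS='org/apache/logging/log4j/core/lookup/JndiLookup.class'

# log4j_action VERSION: map a version to the measure this advisory lists for it.
log4j_action() {
    case $1 in
        2.0-alpha*|2.0-beta[1-8]) echo not-listed; return ;;  # older than 2.0-beta9
        2.*) ;;
        *) echo not-listed; return ;;                         # e.g. 1.x, outside this advisory
    esac
    rest=${1#2.}
    minor=${rest%%[!0-9]*}
    if [ -z "$minor" ]; then echo not-listed
    elif [ "$minor" -ge 15 ]; then echo patched-per-advisory
    elif [ "$minor" -ge 10 ]; then echo set-formatMsgNoLookups
    else echo remove-JndiLookup-class
    fi
}

# jndi_state JAR: present | absent | unknown (unknown = the jar could not be
# listed, so an unreadable archive is never reported as clean).
jndi_state() {
    listing=$(unzip -l "$1" 2>/dev/null) || { echo unknown; return; }
    case $listing in
        *"$JNDI_CLASS"*) echo present ;;
        *) echo absent ;;
    esac
}

# audit_jar JAR: one report line per jar.
audit_jar() {
    name=${1##*/}
    ver=${name#log4j-core-}
    ver=${ver%.jar}
    echo "$1 version=$ver action=$(log4j_action "$ver") JndiLookup=$(jndi_state "$1")"
}

# audit_tree DIR: report every log4j-core jar below DIR.
audit_tree() {
    find "$1" -type f -name 'log4j-core-*.jar' | while IFS= read -r jar; do
        audit_jar "$jar"
    done
}

if [ "$#" -gt 0 ]; then audit_tree "$1"; fi
```

Pass the directory to scan as the only argument. For the current fixed release, follow the Apache security page listed under Reference Sites.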

 

■ MONITORAPP Products Vulnerability Response Status

MONITORAPP products are not affected by this vulnerability.

A detection pattern for attacks exploiting this vulnerability has been applied to the WAF product so that it can detect and respond to them. (Version released on December 12, 2021)

Pattern name: Apache Log4j Remote Code Execution – JNDI features

  • New pattern information – AIWAF, Apache Log4j remote code execution vulnerability (CVE-2021-44228)

– v4.0.2: End of support as of July 1, 2020

– v4.1.0 ~ v4.1.6 : W.3.0.124.0003_20211212_40ae24446210b0f68e3a6f138da54e44

– v5.0.0 ~ : W.5.0.024.0003_20211212_37dac25d8faf8d88f9af02177da1c0d7241b893b9848b16b15b2ca060ec7d388

 

Reference Sites
https://logging.apache.org/log4j/2.x/security.html
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
