We are fairly confident that we are not vulnerable to the Log4J bug, but we will be releasing an update soon with an updated version of Log4J. Stay tuned.
EDIT: Please download 5.1.4-b2090 for the log4j update as well as a few other libraries.
CVE-2021-44228 – Patching is Recommended for Evolving Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)
Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This inclu…
CVE-2021-44228 – Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)
See how Akamai helped open-source logging library Log4j fight against a critical unauthenticated remote code execution (RCE) vulnerability and reduce customer exposure.
modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update]
As a fast workaround, a friend of mine made a modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell, which he allowed me to share with you. SecRule \ ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING “jndi:ldap:” \ “phase:1, \ id:751001, \ t:none, \ deny, \ status:403, \ log, \ auditlog, \ msg:’Block: CVE-2021-44228 – deny pattern \”jndi:ldap:\”‘, \ severity:’5’, \ rev:1, \ tag:’no_ar'” New […]
The post modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update] first appeared on Robert Penz Blog.
Jitsi Workaround for CVE-2021-44228/LogJam/Log4Shell
You surely heard of the LogJam / Log4Shell / CVE-2021-44228 – if not, take a look at this blog post. If you’re running Jitsi is most likely vulnerable and as there is no fix currently, you need a workaround which I provide here for you. You need to add -Dlog4j2.formatMsgNoLookups=True at the correct places in […]
The post Jitsi Workaround for CVE-2021-44228/LogJam/Log4Shell first appeared on Robert Penz Blog.
Sign up to our newsletter for a weekly roundup of travel news
CNN.com – RSS Channel – World CNN.com – RSS Channel – World https://www.cnn.com/world/index.html GlobalNewsBot GlobalNewsBot
Announcing Property Manager Extensions for the Integrated Development Environment
We?re proud to announce the 1.0 release of the Property Manager extension to Visual Studio Code and Eclipse. With the new Property Manager extension, you can edit and validate Property Manager API (PAPI) JSON rule trees right from your integrated deve…
OB Notes
A new OB page. Have been expanding, updating, and rearranging it. But there’s always more to do. Continue reading
Security’s Role in Internet Resilience
One aspect of resilience on the internet is that things ? notably servers and resources ? move around. Sometimes moves are legitimate, such as when a popular site evolves from hosting their own website to moving to a cloud provider to using a CDN to ha…
Kali Linux 2021.4 Release
With the end of 2021 just around the corner, we are pushing out the last release of the year with Kali Linux 2021.4, which is ready for immediate download or updating.
The summary of the changelog since the 2021.3 release from September 2021 is:
Impro…