Log4j CVE-2021-44228

Comments Off on Log4j CVE-2021-44228

We are fairly confident that we are not vulnerable to the Log4J bug, but we will be releasing an update soon with an updated version of Log4J.  Stay tuned.
EDIT:  Please download 5.1.4-b2090 for the log4j update as well as a few other libraries.

Read More >>

CVE-2021-44228 – Patching is Recommended for Evolving Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)

Comments Off on CVE-2021-44228 – Patching is Recommended for Evolving Zero Day Vulnerability in Apache Log4j that allows remote code execution (RCE)

Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228. We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution. This inclu…

Read More >>

modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update]

Comments Off on modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update]

As a fast workaround, a friend of mine made a modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell, which he allowed me to share with you. SecRule \   ARGS|REQUEST_HEADERS|REQUEST_URI|REQUEST_BODY|REQUEST_COOKIES|REQUEST_LINE|QUERY_STRING “jndi:ldap:” \   “phase:1, \   id:751001, \   t:none, \   deny, \   status:403, \   log, \   auditlog, \   msg:’Block: CVE-2021-44228 – deny pattern \”jndi:ldap:\”‘, \   severity:’5’, \   rev:1, \   tag:’no_ar'” New […]

The post modsecurity rule to filter CVE-2021-44228/LogJam/Log4Shell [update] first appeared on Robert Penz Blog.

Read More >>