A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI URL. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. Read more.
The attack surface is very wide since it’s almost impossible to find any single Java project without the log4j library enabled. It affects internal services and APIs that are based on Java and uses other API and application data to log them.
Wallarm automatically identifies attempts of the Log4Shell exploitation and logs these attempts in the Wallarm Console. Corresponding changes have been added within two hours after the first information about CVE-2021-44228 has been published.
You can search for the relevant events by using filter by CVE:
When using Wallarm in blocking mode, these attacks will be automatically blocked. No actions are required.
When using a monitoring mode, we suggest creating a virtual patch. Feel free to reach out to support@wallarm.com if you need assistance.
Is an AI-to-AI attack scenario a science fiction possibility only for blockbusters like the Terminator…
Lefteris Tzelepis, CISO at Steelmet /Viohalco Companies, was shaped by cybersecurity. From his early exposure…
This is a predictions blog. We know, we know; everyone does them, and they can…
The attack landscape has been dynamic following the disclosure of the React Server Components RCE…
As the year draws to a close, it’s worth pausing to look back on what…
On December 3, 2025, React maintainers disclosed a critical unauthenticated remote code execution (RCE) vulnerability…