Enter Keywords

Apache Log4j Guidance

by James Merritt

This article was written by Andrew Parks & James Merritt.

Apache Log4j is an open-source library that is utilized by applications to facilitate logging requests. On December 9th, 2021 a vulnerability was reported (CVE-2021-44228 from the National Vulnerability Database) that impacts applications leveraging Apache Log4j versions 2.14.1 and below. The identified vulnerability can allow malicious actors to perform remote code executions. This is performed by utilizing the Java Naming and Directory Interface (JNDI) to send a specially crafted Uniform Resource Identifier (URI) requests that can cause the application to execute arbitrary code.

The Cybersecurity & Infrastructure Security Agency (CISA) has released an Apache Log4j Vulnerability Guidance post (Link Below) that details steps both vendors and organizations should take to limit the risk of their environments being impacted by the Apache Log4j vulnerability.

FoxPointe Solutions have reviewed and modeled our recommendations after the CISA guidance document. FoxPointe Solutions recommends the following steps for all companies to limit the risk of your environment being impacted by the Apache Log4j vulnerability: 

  • Reach out to your vendors to identify vulnerable systems and request update timelines.
    • Patch all systems immediately that are affected by the Log4j Vulnerability.
  • For internally developed systems, update any Apache Log4j library to the latest available version.
    • The latest version has remediated the vulnerability.
    • If that is not immediately possible, companies should set the setting of “No Lookups property (log4j2.formatMsgNoLookups)” to “true” until they can update.  (Reference)
  • Monitor lists of vulnerable devices to compare with your environment (Link Here)
    • As a note, these lists are constantly changing and not all inclusive currently.
  • External scans of environment are encouraged with updated scan signatures to identify the vulnerability to your environment.
    • Ensure your scan tool has the following vulnerability ID in the signatures: CVE-2021-44228.
  • Configuring WAF rules to identify and block Apache Log4j attempts (as discussed in the CISA guidance).
  • SOC alert rules are also recommended to identify remote code execution on public systems (as discussed in the CISA guidance)

 

Additional information and recommendations can be found here: https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance

FoxPointe Solutions is Here to Help

To learn more about how to protect your business and how FoxPointe Solutions can help, contact us today.

  • Topics
  • Authors
We use cookies and other technologies to optimize site functionally, analyze website traffic, and share information with our service and analytics partners. To view our Privacy Policy, which discusses cookies, click here. By continuing to use & browse our services, you agree to our Privacy Policy, our use of cookies, and the Terms and Conditions.