Quick update

• Wallarm has rolled out the update to detect and mitigate CVE-2021-44228.
• No additional actions are required from the customers
• Attempts at exploitation will be automatically blocked in a blocking mode
• When working in a monitoring mode, consider creating a virtual patch

Log4Shell

A 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) by simple 1-line exploit with JNDI url. Given how ubiquitous this library is, the impact of the exploit (full server control), and how easy it is to exploit, the impact of this vulnerability is quite severe. Read more.

The attack surface is very wide, since it’s almost impossible to find any single Java project without the log4j library enabled. It affects internal services and APIs that are based on Java and uses other API and application data to log them.

Wallarm update

Wallarm automatically identifies attempts of the Log4Shell exploitation and logs these attempts in the Wallarm Console. Corresponding changes have been added within two hours after the first information about CVE-2021-44228 has been published.

You can search for the relevant events by using filter by CVE:

Mitigation

When using Wallarm in blocking mode, these attacks will be automatically blocked. No actions required.

When using a monitoring mode, we suggest creating a virtual patch. Feel free to reach out to support@wallarm.com if you need assistance.