GDT Webinar Series – How to Fail at Security? Reserve Your Spot

Recommendations for Apache Log4J 2 Vulnerability

Apache Log4j 2 vulnerability

A new critical vulnerability has been found in a popular Apache java-based logging service known as Log4j 2. Log4j is widely used in many Java applications and ships by default with many enterprise applications, IT management systems, and over 400,000 open-source projects. This is a critical vulnerability that is actively being exploited by threat actors across the globe. GDT highly recommends that you take steps to analyze your current environment, evaluate mitigations, configure protections, and upgrade vulnerable systems as quickly as is feasible given your business operations.

The vulnerability known as Log4shell permits attackers to execute remote code on the target host. Many Java-based applications leverage log4j as their logging utility and are vulnerable, making this one of the most broadly available and easily exploited vulnerabilities in recent years. 

Current CVEs: 

  • CVE-2021-44228 
  • CVE-2021-45046 
  • CVE-2017-5645, 
  • CVE-2019-17571 


GDT’s Recommendations 

Identify vulnerable systems:

  • Identifying existing vulnerable systems in your environment is a key step in protecting and patching. This can be a significant effort but is key to a successful response. Existing inventory management and software lifecycle management systems will aid in this effort. There are also some scanning tools being made freely available by security researchers. As with many events like this, attackers know organizations will be scrambling for these tools and may embed malware in scanners and make them available on the web, so it is vital that you ensure you’re getting any scanning tools from a trusted source.
  • Many IT infrastructure systems use Apache and Java for their management interfaces, so it’s important to identify IT systems as a part of the discovery. This includes network management systems, IP phone systems, video surveillance management systems, information security systems, etc.
    • Application and API inspection: 
      • From an edge or transit network perspective, next-generation firewalls and web application inspection services can detect and block these types of attacks. One key prerequisite would be to ensure proper SSL inspection is enabled on existing next-generation firewalls and web application inspection services. For cloud-based services, API security rules can be deployed leveraging many of the cloud security tools available from our partners. Host technology such as XDR can detect and block this attack today, so ensuring servers, endpoints, and management systems are actively using a managed XDR solution significantly reduces the risk associated with these types of attacks.
    • Application Policy enforcement: 
      • Assess and/or develop whitelisting strategies as it pertains to next-generation firewalls for key corporate applications to mitigate suspicious traffic and remote calls to unexpected applications and/or servers. Note: Utilization of application server firewalls to prevent unexpected communication between applications is recommended. 
    • Java Recommendations: 
      • Disable JNDI, if possible, within your log4j deployment. This may be a complex task given development and application dependencies but may be a good interim compensating control, barring other options.
    • Patching options: 

Contact GDT: 

GDT has experts on staff that are actively aiding our clients with identifying and patching their systems, enabling SSL inspection, maturing their security posture, and ensuring they’re getting the most out of their existing security tools. Contact GDT for more details and to schedule a call with our expert Solutions Architects.


Share this article

You might also like:

As the head of GDT’s security practice and an industry veteran, Jeanne Malone and her team help customers worldwide advance their cybersecurity posture. One of the biggest cybersecurity game-changers is artificial intelligence (AI). We asked Jeanne to weigh in on leveraging AI and machine learning in cybersecurity to improve intrusion

NCAA basketball coaching legend Bobby Knight once said: “Good basketball always starts with a good defense.” Winning teams understand their opponents’ strengths and weaknesses, as well as their own. They study their opponents’ plays and anticipate their next moves. The same concept is true for cybersecurity, which is why, at

Dallas, Texas, January 31, 2024 – General Datatech (GDT), a leading global IT services provider, has worked with Juniper Networks to launch GDT Network as a Service (NaaS), Powered by Juniper. This modern networking approach simplifies network design, implementation, and management by delivering a flexible, subscription-based option to access the industry’s