How Does Huawei Cloud CFW Detect and Defend Against Attacks Exploiting the Apache Log4j Remote Code Execution Vulnerability?
Apache Log4j2 has a remote code execution vulnerability (CVE-2021-44228). When Apache Log4j2 processes user input during log processing, attackers can construct special requests to trigger remote code execution. The POC has been disclosed and the risk is high.
On December 16, Apache announced that in versions earlier than 2.16.0, there was a remote code execution vulnerability (CVE-2021-45046).
Apache Log4j2 is a widely used Java-based logging utility. If you are an Apache Log4j2 user, check your system and implement timely security hardening.
Huawei Cloud CFW can detect and intercept attacks that exploit the Apache Log4j2 remote code execution vulnerability.
Vulnerability Name
Apache Log4j remote code execution vulnerability
Affected Products
Affected versions:
2.0-beta9 <= Apache Log4j 2.x < 2.16.0 (Version 2.12.2 is not affected.)
Affected applications and components: spring-boot-starter-log4j2, Apache Solr, Apache Flink, and Apache Druid.
Secure versions:
Apache Log4j 1.x
Apache Log4j 2.16.0
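To support the "check your system" step, the following added example (not Huawei Cloud or Apache code) classifies log4j-core jars against the affected range stated above, including jars nested inside fat jars such as those built with spring-boot-starter-log4j2. It assumes the usual log4j-core-<version>.jar file naming; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Log4j 2.0 pre-release ordering: alpha < beta < rc < final release.
_STAGE = {"alpha": 0, "beta": 1, "rc": 2, "": 3}
_JAR = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)

def _key(major, minor, patch=0, stage="", num=0):
    return (int(major), int(minor), int(patch or 0),
            _STAGE[(stage or "").lower()], int(num or 0))

# Range exactly as printed on this page; releases it does not list are not modelled.
LOWER = _key(2, 0, 0, "beta", 9)   # 2.0-beta9, inclusive lower bound
UPPER = _key(2, 16, 0)             # 2.16.0, exclusive upper bound
EXCEPTION = _key(2, 12, 2)         # stated on the page as not affected

def classify(jar_name):
    """Classify a log4j-core jar file name against the range on this page."""
    m = _JAR.search(jar_name)
    if not m:
        return "unknown"
    key = _key(*m.groups())
    if key == EXCEPTION:
        return "not affected"
    return "affected" if LOWER <= key < UPPER else "outside affected range"

def scan_archive(data, path=""):
    """Yield (path, verdict) for log4j-core jars inside a jar/war, recursing
    into nested archives such as Spring Boot's BOOT-INF/lib/ entries."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            full = f"{path}!/{name}" if path else name
            if _JAR.search(name):
                yield full, classify(name)
            elif name.lower().endswith((".jar", ".war", ".ear")):
                try:
                    yield from scan_archive(zf.read(name), full)
                except zipfile.BadZipFile:
                    yield full, "unknown"

def constructed_fat_jar():
    """Constructed sample: two empty log4j-core jars nested in one archive."""
    inner, outer = io.BytesIO(), io.BytesIO()
    zipfile.ZipFile(inner, "w").close()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("BOOT-INF/lib/log4j-core-2.14.1.jar", inner.getvalue())
        zf.writestr("BOOT-INF/lib/log4j-core-2.12.2.jar", inner.getvalue())
    return outer.getvalue()
```

A file-name match is only a first pass: a jar that has been renamed or repackaged without its version in the name will be reported as "unknown" or missed.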
Mitigation
Log in to the CFW console and perform the following operations:
- Purchase the CFW standard edition. For details, see Purchasing CFW.
- Enable Basic protection on the Intrusion Prevention page and set Action to Block. For details, see Configuring Intrusion Prevention.