Updated on 2023-12-06 GMT+08:00

How Does Huawei Cloud CFW Detect and Defend Against Attacks Exploiting the Apache Log4j Remote Code Execution Vulnerability?

Apache Log4j2 has a remote code execution vulnerability (CVE-2021-44228). When Apache Log4j2 processes user-supplied input while writing logs, an attacker can construct a special request that triggers remote code execution. A proof of concept (PoC) has been disclosed, and the risk is high.

On December 16, Apache announced a second remote code execution vulnerability (CVE-2021-45046) affecting versions earlier than 2.16.0.

Apache Log4j2 is a widely used Java-based logging utility. If you are an Apache Log4j2 user, check your system and implement timely security hardening.

Huawei Cloud CFW can detect and intercept attacks that exploit the Apache Log4j2 remote code execution vulnerability.

Vulnerability Name

Apache Log4j remote code execution vulnerability

Affected Products

Affected versions:

2.0-beta9 <= Apache Log4j 2.x < 2.16.0 (Version 2.12.2 is not affected.)

Affected applications and components: spring-boot-starter-log4j2, Apache Solr, Apache Flink, and Apache Druid.

Secure versions:

Apache Log4j 1.x

Apache Log4j 2.16.0
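
To check a host against the version range listed above, the following Python script walks a directory tree and flags log4j-core jars, including jars bundled inside .jar/.war/.ear archives. It is an added example, not Huawei Cloud or Apache code, and it assumes the library keeps its standard file name log4j-core-<version>.jar, so renamed or shaded copies are not detected.

```python
import re
import sys
import zipfile
from pathlib import Path

# Matches log4j-core-<version>.jar as a file name or as an entry path inside an archive.
JAR_RE = re.compile(
    r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
# Pre-release qualifiers sort before the final release of the same version.
QUAL_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}

def parse_version(name):
    """Return a sortable tuple for a log4j-core jar name, or None if it is not one."""
    m = JAR_RE.search(name)
    if not m:
        return None
    major, minor, patch, qual, qnum = m.groups()
    return (int(major), int(minor), int(patch or 0),
            QUAL_RANK[qual.lower() if qual else None], int(qnum or 0))

LOWER = (2, 0, 0, QUAL_RANK["beta"], 9)   # 2.0-beta9, inclusive
UPPER = (2, 16, 0, QUAL_RANK[None], 0)    # 2.16.0, exclusive
EXEMPT = (2, 12, 2, QUAL_RANK[None], 0)   # 2.12.2 is listed as not affected

def is_affected(version):
    """Apply the page's range: 2.0-beta9 <= version < 2.16.0, except 2.12.2."""
    return version != EXEMPT and LOWER <= version < UPPER

def scan(root):
    """Yield (location, affected) for each log4j-core jar under root, including
    jars bundled one level deep inside .jar/.war/.ear archives (fat jars)."""
    for path in Path(root).rglob("*"):
        if not path.is_file() or path.suffix.lower() not in (".jar", ".war", ".ear"):
            continue
        v = parse_version(path.name)
        if v:
            yield str(path), is_affected(v)
        try:
            with zipfile.ZipFile(path) as zf:
                for entry in zf.namelist():
                    v = parse_version(entry)
                    if v:
                        yield f"{path}!{entry}", is_affected(v)
        except (zipfile.BadZipFile, OSError):
            continue  # unreadable or not a real archive; the name check above still ran

if __name__ == "__main__":
    for location, affected in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("AFFECTED" if affected else "ok      ", location)
```

Run it with the application or server installation directory as the only argument; locations printed as AFFECTED fall inside the range listed above.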

Mitigation

  1. Log in to the CFW console and perform the following operations:

    1. Purchase the CFW standard edition. For details, see Purchasing CFW.
    2. Enable Basic protection on the Intrusion Prevention page and set Action to Block. For details, see Configuring Intrusion Prevention.
