CVE-2021-44228 - Log4j RCE 0-day mitigation

On December 9, 2021, a zero-day exploit (CVE-2021-44228) affecting the Apache Log4j utility was made public, leading to remote code execution. The vulnerability is actively being exploited and users of Log4j are advised to update to version 2.15.0 as soon as possible. Alternatively, the issue can be mitigated by removing the JndiLookup class from the class path or setting specific system properties/environment variables. Cloudflare WAF customers can leverage three newly deployed rules to help mitigate exploit attempts. The situation is being monitored and managed rules will be updated accordingly. Log4j, a Java-based logging library maintained by Apache Software Foundation, is affected in all versions >= 2.0-beta9 and <= 2.14.1.