Inside the Log4j2 vulnerability (CVE-2021-44228)
On December 9, 2021, a severe vulnerability in the Java-based logging package Log4j was disclosed. The flaw allows an attacker to execute code on a remote server, a class of vulnerability known as Remote Code Execution (RCE). The vulnerability, CVE-2021-44228, affects Log4j version 2 between versions 2.0-beta-9 and 2.14.1, and is patched in 2.16.0. Because Java and Log4j are so widely used, it has been deemed one of the most serious vulnerabilities on the internet since Heartbleed and ShellShock. Cloudflare has implemented firewall rules to protect its clients from this vulnerability, and has also ensured that its own systems are either not vulnerable or have the issue mitigated. Companies using Java-based software with Log4j should immediately apply mitigation techniques to protect their systems.
Company: Cloudflare
Date published: Dec. 10, 2021
Author(s): John Graham-Cumming
Word count: 1123
Language: English
Hacker News points: 21