/plushcap/analysis/cloudflare/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability

Protection against CVE-2021-45046, the additional Log4j RCE vulnerability

What's this blog post about?

A second Log4J vulnerability, CVE-2021-45046, has been identified following the initial CVE-2021-44228. This new vulnerability is actively being exploited and users should update to version 2.16.0 as soon as possible. Cloudflare WAF customers have three rules available for mitigating exploit attempts, with an additional fourth rule providing broader protection but at the cost of a higher false positive rate. Log4J is a Java-based logging library maintained by Apache Software Foundation and is affected in all versions >= 2.0-beta9 and <= 2.14.1 due to JNDI features that can be exploited for remote code execution.

Company
Cloudflare

Date published
Dec. 15, 2021

Author(s)
Gabriel Gabor, Andre Bluehs

Word count
295

Language
English

Hacker News points
3


By Matt Makai. 2021-2024.