Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
A second Log4j vulnerability, CVE-2021-45046, has been identified following the initial CVE-2021-44228. This new vulnerability is being actively exploited, and users should update to version 2.16.0 as soon as possible. Cloudflare WAF customers have three rules available for mitigating exploit attempts, plus a fourth rule that provides broader protection at the cost of a higher false positive rate. Log4j is a Java-based logging library maintained by the Apache Software Foundation; all versions >= 2.0-beta9 and <= 2.14.1 are affected because of JNDI features that can be exploited for remote code execution.
Company
Cloudflare
Date published
Dec. 15, 2021
Author(s)
Gabriel Gabor, Andre Bluehs
Word count
295
Language
English
Hacker News points
3