log4j2

Log4j vulnerability new variants

The security team from Cloudflare did continue to investigate and found additional flaws in the 2.15.0 version of Apache Log4j, which allows adversaries to initiate denial-of-service (DoS) attacks (CVE-2021-45046). The issue has been addressed on the newly available version which is 2.16.0. All companies which include Log4j on their infrastructure stack are suggested to patch to the updated version.

Cloudflare is known for its DDOS protection and is used by more than seven million websites, they have advised their customers to modify the WAF configuration to mitigate the exploit.

Rule IDDescriptionDefault Action
100514 (legacy WAF)
6b1cc72dff9746469d4695a474430f12 (new WAF)
Log4J HeadersBLOCK
100515 (legacy WAF)
0c054d4e4dd5455c9ff8f01efe5abb10 (new WAF)
Log4J BodyBLOCK
100516 (legacy WAF)
5f6744fa026a4638bda5b3d7d5e015dd (new WAF)
Log4J URLBLOCK
Source: https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/

The mitigation is divided into three rules that look at HTTP headers, body, and URL, in that order.

They have also introduced a fourth rule that will guard against a far broader variety of assaults at the cost of a greater false-positive rate. As a result, they have made it available, but it’s not set to BLOCK by default:

Rule IDDescriptionDefault Action
100517 (legacy WAF)
2c5413e155db4365befe0df160ba67d7 (new WAF)
Log4J Advanced URI, HeadersDISABLED
Source: https://blog.cloudflare.com/protection-against-cve-2021-45046-the-additional-log4j-rce-vulnerability/

Cloudflare was the preferred choice of Kinsta, to make client websites faster and more secure. The reason they are not affected by log4j vulnerability. Kinsta is a managed WordPress hosting company that offers feature-rich, cost-effective services. They received the highest rating this year from the G2 review.

Source: https://kinsta.com

The Microsoft Threat Intelligence Center (MSTIC) which is behind the famous Windows Defender, is also acting proactively on new threats in relation to the Apache log4j vulnerability. They posted new updates regularly in regards to log4j, here in this URL https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/

The cyber security experts from Praetorian posted on their youtube channel showing the 2.15.0 version of log4j still allows fetching of sensitive data.

Website owners are also worried that the vulnerability might be affecting their business. As the holidays are coming near, hopefully, vacation plans for this year’s end would not be canceled.