New vulnerability alert: Log4Shell (CVE-2021-44228)

Last week, the United States Cybersecurity and Infrastructure Security Agency issued an alert about a new vulnerability in Apache Log4j that you should be aware of.

What you need to know

Log4Shell is a new vulnerability being actively exploited in the wild that should be mitigated ASAP.

The TrustedSite platform does not rely on Log4j and is not, and has not been, vulnerable.

New vulnerability definitions in TrustedSite’s Server and Application Scanning services will identify potentially vulnerable assets.

Manual inspection is required in addition to TrustedSite services.

  • Published: 01-01-2022

  • Related Category: Application Security

  • Type of Content: Articles

  • Owner: TrustedSite

About Log4Shell

The Log4Shell vulnerability lies in Apache Log4j versions 2.0 through 2.14.1. The bug is easy to exploit and enables remote code execution. Some hackers have already developed tools that automatically attempt to exploit the bug. As reported by WIRED, Log4j is widely used in enterprise systems and web apps, and many mainstream services are expected to be affected. Apache rates the vulnerability at “critical” severity and has published patches and mitigations.

How to protect your organization

Conduct an immediate audit of your code to find dependencies that rely on Log4j. TrustedSite’s Firewall Monitoring can assist you in finding Apache running on your servers. Additionally, several new vulnerabilities are now being detected with Server and Application Scanning.
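One way to start the dependency audit described above, as an added example that is not TrustedSite's or Apache's code: it finds copies of log4j-core inside JAR, WAR and EAR files, including archives nested in other archives, and flags the version range given on this page. It assumes the Maven `pom.properties` metadata is still present in the archive; `constructed_war` builds a constructed sample and is a hypothetical helper.

```python
import io, re, sys, zipfile
from pathlib import Path

# Maven metadata entry that log4j-core ships inside its JAR (assumed not stripped).
POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")

def parse_version(text):
    """Return (major, minor, patch) from pom.properties text, or None."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", text, re.M)
    return tuple(int(g or 0) for g in m.groups()) if m else None

def in_page_range(v):
    # Range as stated on this page: Log4j 2.0 through 2.14.1.
    return (2, 0, 0) <= v <= (2, 14, 1)

def scan_archive(data, label):
    """Return [(location, version, in_range)] for log4j-core copies in an archive."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # wrong extension or corrupt file: nothing to report
    with zf:
        for name in zf.namelist():
            if name == POM:
                v = parse_version(zf.read(name).decode("utf-8", "replace"))
                if v:
                    findings.append((label, v, in_page_range(v)))
            elif name.lower().endswith(ARCHIVE_EXT):
                # Fat JARs and WARs carry dependencies as nested archives.
                findings += scan_archive(zf.read(name), f"{label}!/{name}")
    return findings

def constructed_war(version):
    """Constructed sample: a WAR holding one log4j-core JAR of the given version."""
    jar, war = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(jar, "w") as z:
        z.writestr(POM, f"#constructed\nversion={version}\nartifactId=log4j-core\n")
    with zipfile.ZipFile(war, "w") as z:
        z.writestr(f"WEB-INF/lib/log4j-core-{version}.jar", jar.getvalue())
    return war.getvalue()

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for p in Path(root).rglob("*"):
        if p.is_file() and p.suffix.lower() in ARCHIVE_EXT:
            for loc, v, hit in scan_archive(p.read_bytes(), str(p)):
                print("IN RANGE" if hit else "ok", ".".join(map(str, v)), loc)
```

The range check encodes only the versions this page lists, so confirm any hit against Apache's published advisory. Copies repackaged without Maven metadata are not found by this scan and still need manual inspection.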

It’s never been more important to know your true attack surface

With this announcement of the latest critical vulnerability, it’s important to remember that you can’t protect what you don’t know about. If your organization has lost sight of digital assets over the years, it’s possible you could be susceptible to the Log4Shell vulnerability and not realize it. Practicing attack surface management can help ensure you’ve cataloged every asset you have exposed to the internet. With a complete inventory of your attack surface, you can be more confident that no vulnerabilities are hiding in the shadows.
