The Apache Log4j2 CVE-2021-44228 Remote Code Execution Vulnerability Was Publicly Disclosed and Huawei Security Products Have Been Able to Handle It
|
Vulnerability Overview On December 9th, 2021, Huawei found that the Apache Log4j2 remote code execution vulnerability was publicly disclosed and that the PoC for this vulnerability appeared on the Internet. The vulnerability has a wide range of impacts and is not hard to exploit. Successful exploitation results in remote arbitrary code execution. Therefore, it is strongly recommended that you upgrade the component version or use the solution provided in this notice to avoid hacker attacks. Huawei security products have released IPS signatures to support the handling of such a vulnerability.
Affected Versions Log4j all versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.14.1
Troubleshooting Method Check the Apache Log4j version, and perform operations for the involved version.
Solution 1. Huawei solution Since Huawei detected this vulnerability, security research engineers have been paying close attention to the vulnerability information and immediately developed corresponding IPS signatures. The latest IPS signature database has been pushed to the upgrade website for customers to upgrade.
2. Vendor solution (1) Install the official patch to upgrade the Log4j version. The link is as follows: https://github.com/apache/logging-log4j2/archive/refs/tags/rel/2.12.2.zip https://github.com/apache/logging-log4j2/archive/refs/tags/rel/2.16.0.zip (2) Temporary workaround 1. Set the JVM parameter -Dlog4j2.formatMsgNoLookups=true. 2. Set log4j2.formatMsgNoLookups=True. 3. Set the system environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS to true. References https://logging.apache.org/log4j/2.x/security.html Attachment: Immediate upgrade operation mode:
|
