img

What is Apache Log4j vulnerability (CVE-2021-44228) and how it can impact you?

About the webinar

The recently identified vulnerability in Apache Log 4J 2 has impacted countless servers, putting widely used applications and cloud services at risk. Log4j2 is a ubiquitous library used by millions for Java applications. The vulnerability, when exploited, results in remote code execution on the vulnerable server with system-level privileges. As a result, it is rated at CVSS v3 score of 10.0.

In the PoC it has been highlighted that the vulnerability is extremely easy to exploit by submitting a specially crafted request to the vulnerable system, which in turn will instruct system to download and execute a malicious payload.

  • Affected versions of Log4J –  Apache Log4j 2.x <= 2.15.0-rc1
  • Latest version available for upgrade – Apache Log4j 2.15.0-rc2 (released 06-12-2021)

Takeaways from the webinar:

  • What is Apache Log4j vulnerability (CVE-2021-44228) and how it can impact you?
  • List of affected systems/ software
  • Availability of Patch
  • Mitigation Approach and Steps
  • How SISA can help secure your systems from CVE-2021-44228 vulnerability?
  • Proof of Concept (POC)