CVE-2021-44228 – Apache Log4j Remote Code Execution Vulnerability

A critical zero-day remote code execution vulnerability affecting many versions of Apache Log4j, identified as CVE-2021-44228, was published through various sources this past week. Active exploitation in the wild is growing, and CISA recommends that affected systems be patched to Apache Log4j 2.16 immediately to mitigate it.

JNDI features used in configuration, log …


Log4Shell Remediation Resources

The Log4Shell (Log4j) situation is rapidly evolving. The purpose of this page is to provide a jump-off point to resources, with an emphasis on Bureau-wide remediation activities. Questions should be directed to GS Security Assurance.

Log4j Version 1.x Vulnerabilities: EVSS has new Nessus plugins that identify Log4j version 1.x instances as vulnerable. (Plugin IDs: 156860, 156032, 156103, 156240). …
