Subscription confirmed. Thank you for subscribing!
December 15, 2021 1:56PM
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page....
December 14, 2021 5:48PM
Log4J Log4Shell Vulnerabilities WAF SecurityIn this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
December 14, 2021 10:23AM
Logs Vulnerabilities Zero Day Threats Security Log4JMany Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
December 10, 2021 11:39PM
Vulnerabilities Security Log4J Log4ShellYesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
December 10, 2021 9:24PM
Cloudflare Zero Trust Cloudflare One Zero Trust Cloudflare Gateway Zero Day ThreatsThe vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack....
More Posts
December 10, 2021 9:06PM
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
