Protection against CVE-2021-45046, the additional Log4j RCE vulnerability
December 15, 2021 1:56PM
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible, even if you have previously updated to 2.15.0. The latest version can be found on the Log4J download page....
Continue reading »
Exploitation of Log4j CVE-2021-44228 before public disclosure and evolution of evasion and exfiltration
December 14, 2021 5:48PM
Log4J
Log4Shell
Vulnerabilities
WAF
Security
In this blog post we will cover WAF evasion patterns and exfiltration attempts seen in the wild, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
Sanitizing Cloudflare Logs to protect customers from the Log4j vulnerability
December 14, 2021 10:23AM
Logs
Vulnerabilities
Zero Day Threats
Security
Log4J
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
How Cloudflare security responded to Log4j 2 vulnerability
December 10, 2021 11:39PM
Vulnerabilities
Security
Log4J
Log4Shell
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
Actual CVE-2021-44228 payloads captured in the wild
December 10, 2021 9:06PM
Vulnerabilities
Security
Page Rules
Log4J
Log4Shell
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
December 10, 2021 6:36PM
Inside the Log4j2 vulnerability (CVE-2021-44228)
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....