2021-12-15
This vulnerability is actively being exploited and anyone using Log4J should update to version 2.16.0 as soon as possible. Latest version is available on the Log4J download page....
Continue reading »
2021-12-14
This article covers WAF evasion patterns and exfiltration attempts, trend data on attempted exploitation, and information on exploitation that we saw prior to the public disclosure of CVE-2021-44228....
2021-12-14
Many Cloudflare customers consume their logs using software that uses Log4j, so we are mitigating any exploit attempts via Cloudflare Logs....
2021-12-10
Yesterday, December 9, 2021, when a serious vulnerability in the popular Java-based logging package log4j was publicly disclosed, our security teams jumped into action to help respond to the first question and answer the second question. This post explores the second....
2021-12-10
The vulnerability disclosed yesterday in the Java-based logging package, log4j, allows attackers to execute code on a remote server. We’ve updated Cloudflare’s WAF to defend your infrastructure against this 0-day attack. ...
December 10, 2021 9:06 PM
I wrote earlier about how to mitigate CVE-2021-44228 in Log4j, how the vulnerability came about and Cloudflare’s mitigations for our customers. As I write we are rolling out protection for our FREE customers as well because of the vulnerability’s severity....
December 10, 2021 6:36 PM
In this post we explain the history of this vulnerability, how it was introduced, how Cloudflare is protecting our clients. We will update later with actual attempted exploitation we are seeing blocked by our firewall service....
December 10, 2021 11:39 AM
A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021, that results in remote code execution (RCE)....
