Mitigating the log4j Vulnerability (CVE-2021-44228) with NGINX

Friday, December 10, 2021 is a date that will be remembered by many IT folks around the globe. It’s when a highly critical zero‑day vulnerability was found in the very popular logging library for Java applications, log4j. The name “Log4Shell” was quickly coined for the exploit, and companies of all sizes rushed to implement mitigation strategies. This was followed by a patching marathon which at the time of writing is still ongoing.

NGINX and F5 have analyzed the threat and in this post we offer various mitigation options to keep your applications protected.

What is Log4Shell?

Version 2.15 and earlier of the log4j library is vulnerable to the remote code execution (RCE) vulnerability described in CVE-2021-44228. (Version 2.16 of log4j patches the vulnerability.) Log4Shell is the name given to the exploit of this vulnerability.