
The Worst Security Vulnerability In Last 10 Years


Many of you are working hard on fixing the new and serious Log4j 2 vulnerability CVE-2021-44228, which has a 10.0 CVSS score.

We have helped all our customers. If you are facing an issue and need help, reach out to us at https://aaic.cc/5r9p

Here is a Success Story

https://aaic.cc/ajav

Here we summarize the fixes required to minimize the impact of this vulnerability on your infrastructure.

Note: This is only applicable if you are running a Java-based environment that uses the log4j logging library.

1. Mitigation using AWS WAF:

To block malicious requests at the AWS WAF level, make sure the AWS Managed Rules Known Bad Inputs Rule Set and the AWS Managed Rules Anonymous IP List rule group are enabled in AWS Managed Rules for WAF. This is applicable only for WAFv2. Treat these rules as an additional layer in front of the application; they do not replace upgrading log4j itself.
Reference Terraform Code: https://github.com/OllieJC/aws-log4j-mitigations/blob/main/aws_waf/rule.tf
Ref: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/

2. Upgrade log4j:

At the time of writing, log4j 2.16.0 is available. In addition to fixing the CVE, Log4j 2.16.0 disables JNDI functionality by default and removes message lookups entirely. Make sure you upgrade log4j to 2.16.0.

If you are not able to upgrade to the latest version, you can instead remove the JNDI lookup class from the jar with the following command:

$ zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

Ref: https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0
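As an added example (not part of the original post), here is a small Python inventory script that walks a directory of jars and reports which ones still contain JndiLookup.class with a log4j-core version below 2.16.0, i.e. which ones neither the upgrade nor the zip -d step above has reached yet. Everything it scans is constructed: the sample jars carry only a Maven pom.properties and a stub class entry, and run_demo() builds three of them in a temporary directory before scanning.

```python
import os
import tempfile
import zipfile

# Class CVE-2021-44228 abuses (the "zip -d" step above removes it) and the
# Maven metadata log4j-core jars ship, which we read for the version string.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
FIXED_VERSION = (2, 16, 0)

def _parse_version(text):
    """Return the log4j-core version as a tuple such as (2, 14, 1), or None."""
    for line in text.splitlines():
        if line.startswith("version="):
            parts = line.split("=", 1)[1].strip().split(".")
            return tuple(int(p) for p in parts[:3] if p.isdigit())
    return None

def inspect_jar(path):
    """Return (version tuple or None, JndiLookup present?) for one jar."""
    with zipfile.ZipFile(path) as jar:
        names = set(jar.namelist())
        props = jar.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
        return _parse_version(props), JNDI_CLASS in names

def scan_directory(root):
    """Walk root; return [(filename, version, jndi_present, vulnerable)]."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if name.endswith(".jar"):
                version, jndi = inspect_jar(os.path.join(dirpath, name))
                # Risky only if JndiLookup is present AND version < 2.16.0 or unknown.
                vulnerable = jndi and (version is None or version < FIXED_VERSION)
                findings.append((name, version, jndi, vulnerable))
    return findings

def make_sample_jar(path, version, include_jndi):
    """Constructed fixture: a minimal jar carrying log4j-core metadata."""
    with zipfile.ZipFile(path, "w") as jar:
        jar.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        if include_jndi:
            jar.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # class-file magic only

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_jar(os.path.join(tmp, "a-2.14.1.jar"), "2.14.1", True)
        make_sample_jar(os.path.join(tmp, "b-2.14.1-stripped.jar"), "2.14.1", False)
        make_sample_jar(os.path.join(tmp, "c-2.16.0.jar"), "2.16.0", True)
        return scan_directory(tmp)
```

Point scan_directory() at a real application or library directory to list jars that still need attention; the version check reads only the top-level jar's Maven metadata, so shaded or nested jars need the same check applied to their contents.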

3. Amazon OpenSearch:

Amazon OpenSearch Service has released a critical service software update, R20211203-P2, that contains an updated version of Log4j2 in all regions. You should receive an email about the update at your root AWS account email address, as well as a notification in the AWS Console.

Ref: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

4. ELK Stack:

a. Upgrade to Elasticsearch 7.16.1, which disables JNDI lookups and ships a patched log4j jar with the JndiLookup class removed from the classpath.
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.1.html

b. Upgrade to Logstash 7.16.1, which updates its log4j dependency to 2.15.0.
Ref: https://www.elastic.co/guide/en/logstash/current/logstash-7-16-1.html

5. Scanning Local Docker Images for log4j vulnerability:

First, update the docker scan plugin to 0.11.0 or later, or update Docker Desktop to 4.3.1 or later.
You can then use the docker scan command to scan your local images for the log4j vulnerability.

Example:
$ docker scan elastic/logstash:7.13.3
