The Worst Security Vulnerability In Last 10 Years

Many of you are working hard on fixing the new and serious Log4j 2 vulnerability CVE-2021-44228, which has a 10.0 CVSS score.

We have helped all our customers. If you are facing an issue and need help, reach out to us at https://aaic.cc/5r9p

Here is a Success Story

https://aaic.cc/ajav

Here we summarize the fixes required to minimize the impact of this vulnerability on your infrastructure.

Note: This applies only if you are running a Java-based environment that uses the log4j logging library.

1. Mitigation using AWS WAF:

To block malicious requests at the AWS WAF layer itself, make sure the AWSManagedRulesKnownBadInputsRuleSet and AWSManagedRulesAnonymousIpList rule groups from AWS Managed Rules for WAF are enabled. This applies only to WAFv2.
Reference Terraform code: https://github.com/OllieJC/aws-log4j-mitigations/blob/main/aws_waf/rule.tf
Ref: https://aws.amazon.com/security/security-bulletins/AWS-2021-005/

2. Upgrade log4j:

As of writing this documentation, log4j 2.16.0 is available. In addition to fixing the CVE, Log4j 2.16.0 disables JNDI functionality by default and removes message lookups entirely. Make sure you upgrade log4j to at least 2.16.0.

If you are not able to upgrade to the latest version, you can instead delete the JNDI lookup class from the jar with the following command. Run it once per log4j-core jar (the glob only works when a single jar matches), then restart the application so the modified jar is loaded:

$ zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

Ref: https://logging.apache.org/log4j/2.x/changes-report.html#a2.16.0

3. Amazon OpenSearch:

Amazon OpenSearch Service has released a critical service software update, R20211203-P2, that contains an updated version of Log4j2 in all regions. You should receive an email about the update at your root AWS account email address and a notification in the AWS Console as well.

Ref: https://aws.amazon.com/security/security-bulletins/AWS-2021-006/

4. ELK Stack:

a. Upgrade to Elasticsearch 7.16.1, which disables JNDI lookups and ships a patched log4j jar with the JndiLookup class removed from the classpath.
Ref: https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.1.html

b. Upgrade to Logstash 7.16.1, which updates its log4j dependency to 2.15.0.
Ref: https://www.elastic.co/guide/en/logstash/current/logstash-7-16-1.html

5. Scanning Local Docker Images for log4j vulnerability:

First, update your docker scan plugin to 0.11.0+ or update Docker Desktop to 4.3.1+.
You can then use the docker scan command to check your local images for the log4j vulnerability.

Example:
$ docker scan elastic/logstash:7.13.3
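As an added example (not code from the original post), here is a small Python scanner that does for a directory tree what docker scan does for images: it walks the tree, opens every jar/war/ear (including jars nested inside them), reports the log4j-core version from its pom.properties and whether JndiLookup.class is still present, so you can confirm that the zip -d step in section 2 actually took effect. The demo() function builds constructed stand-in jars, not real log4j artifacts.

```python
import io
import os
import tempfile
import zipfile

JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXTS = (".jar", ".war", ".ear", ".zip")

def scan_archive(archive, label):
    """Return [(location, log4j-core version, JndiLookup still present)] for one archive."""
    findings = []
    try:
        zf = zipfile.ZipFile(archive)
    except zipfile.BadZipFile:
        return findings  # not a zip archive, nothing to inspect
    with zf:
        names = set(zf.namelist())
        if POM_PROPS in names or JNDI_CLASS in names:
            props = zf.read(POM_PROPS).decode("utf-8", "replace") if POM_PROPS in names else ""
            ver = next((l[8:].strip() for l in props.splitlines() if l.startswith("version=")), "unknown")
            findings.append((label, ver, JNDI_CLASS in names))
        for name in names:  # recurse so fat jars and WAR/EAR bundles are covered too
            if name.lower().endswith(ARCHIVE_EXTS):
                findings += scan_archive(io.BytesIO(zf.read(name)), f"{label}!{name}")
    return findings

def scan_tree(root):
    """Walk a directory tree and scan every archive found under it."""
    return [f for d, _, files in os.walk(root) for n in files
            if n.lower().endswith(ARCHIVE_EXTS)
            for f in scan_archive(os.path.join(d, n), os.path.join(d, n))]

def build_sample_jar(target, version, include_jndi):
    """Write a constructed stand-in for log4j-core (NOT a real jar, contains no bytecode)."""
    with zipfile.ZipFile(target, "w") as zf:
        zf.writestr(POM_PROPS, f"version={version}\n")
        if include_jndi:
            zf.writestr(JNDI_CLASS, b"placeholder")  # stands in for the real class file

def demo():
    """Build constructed samples (vulnerable, class-deleted, nested 2.16.0) and scan them."""
    root = tempfile.mkdtemp()
    build_sample_jar(os.path.join(root, "log4j-core-2.14.1.jar"), "2.14.1", True)
    build_sample_jar(os.path.join(root, "log4j-core-2.14.1-fixed.jar"), "2.14.1", False)
    inner = io.BytesIO()
    build_sample_jar(inner, "2.16.0", False)
    with zipfile.ZipFile(os.path.join(root, "app.war"), "w") as war:
        war.writestr("WEB-INF/lib/log4j-core-2.16.0.jar", inner.getvalue())
    return {loc[len(root) + 1:]: (ver, jndi) for loc, ver, jndi in scan_tree(root)}
```

Point scan_tree() at a real application directory to list every log4j-core copy with its version and whether the JNDI lookup class is still there.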
