Apache Log4j
Threat Update

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

Unit 42 on-demand briefing

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

Protect Against This Critical Vulnerability

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

Dec. 29, 2021 — On December 9, a remote code execution (RCE) vulnerability in Apache Log4j 2 was identified as being exploited in the wild. 

Apache Log4j is an open-source logging utility that is leveraged within numerous Java applications around the world. The release of public proof-of-concept (PoC) code and subsequent investigation revealed that the exploitation was incredibly easy to perform. By submitting a specially crafted request to a vulnerable system, the attacker can instruct the system to download and subsequently execute a malicious payload.  

Due to its recent discovery, there are still many on-premises and cloud servers that have yet to be patched. The exploit code for the CVE-2021-44228 vulnerability has been made publicly available, and massive scanning activity has begun on the internet with the intent of seeking out and exploiting unpatched systems. 

The Unit 42 Threat Intelligence and product development teams continue to monitor this situation for additional details and updates and will share the latest information on the exploit and how to defend against it.

Join the Unit 42 threat research team in this on-demand webinar to learn: 

  • Key details and an analysis of the vulnerability
  • How to determine whether your organization is vulnerable
  • Recommended mitigations
  • What Palo Alto Networks products can do to prevent this vulnerability from being exploited
Note: Unit 42 threat researchers are closely tracking this vulnerability as it evolves and are regularly updating the guidance as new details emerge. Please refer to our threat analysis for the latest guidance.
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content
LP-3 Sec 1 Content

Apache Log4j
threat update

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME

EDIT ME