最新消息
[資安]Apache Log4j2重大資安漏洞通知
2021/12/14本次通知摘要如下:
安全專家發現了一個高危險安全漏洞(CVE-2021-44228)-Apache Log4j2遠端代碼執行漏洞(影響版本Apache log4j2>=2.0,<=2.14.1)。
Apache Log4j2 是常見的日誌組件被Java 用來實現日誌功能的,攻擊者可以直接發送惡意請求,遠端觸發惡意程式透過漏洞進行攻擊。常用的框架像是Apache Struts2、Apache Solr、Apache Druid、Apache Flink等皆受到影響。
1.建議立即操作: - 設置jvm啟動參數"-Dlog4j2.formatMsgNoLookups=true"(2.0~2.10版本,應先升級到2.10+ ,然後設置jvm參數) - 通知防火牆、IPS或WAF的供應商更新簽名代碼;
2.建議後續預防措施: - 如果程序使用Apache log4j-core lib,建議盡快升級到最新版本 log4j-2.15.0-rc2及以上。
The brief summary of this notification as below:
Security experts discovered a high severity security vulnerability (CVE-2021-44228)-Apache Log4j2 remote code execution vulnerability (affected version Apache log4j2 >= 2.0, <= 2.14.1).
Apache Log4j2 is a common log component used by Java to implement Log Function. Attackers can directly send malicious requests and remotely trigger malicious programs to attack through vulnerabilities. Commonly used frameworks such as Apache Struts2, Apache Solr, Apache Druid, and Apache Flink are all affected.
1.Suggested immediate actions: - Set jvm startup parameters "-Dlog4j2.formatMsgNoLookups=true" (version 2.0~2.10, should upgrade to 2.10+ first, then set jvm parameters) - Contact the vendor of Firewall, IPS or WAF to update the signature code
2. Suggested follow-up preventive actions: -If the program uses Apache log4j-core lib, it is recommended to upgrade to the latest version as soon as possible: log4j-2.15.0-rc2 and above .