Share via

Apache Log4j 2 vulnerability

Balayuvaraj M 56 Reputation points
2021-12-11T11:08:27.73+00:00

Can any one provide the solution for this vulnerability to remediate in windows servers. What are the steps to perform to avoid this vulnerability.

Windows for business Windows Server User experience Other
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. SUNOJ KUMAR YELURU 15,256 Reputation points MVP Volunteer Moderator
    2021-12-11T13:05:59.783+00:00

    Hi @Balayuvaraj M

    Fixed in Log4j 2.15.0

    Versions Affected: all versions from 2.0-beta9 to 2.14.1

    How to Mitigate CVE-2021-44228
    To mitigate the following options are available (see the advisory from Apache here):

    1. Upgrade to log4j v2.15.0
    2. If you are using log4j v2.10 or above, and cannot upgrade, then set the property log4j2.formatMsgNoLookups=true
    3. Or remove the JndiLookup class from the classpath. For example, you can run a command like zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class

    to remove the class from the log4j-core.

    If the Answer is helpful, please click Accept Answer and up-vote, so that it can help others in the community looking for help on similar topics.

  2. Solveryn 1 Reputation point
    2021-12-11T13:55:55.967+00:00

    Hi, also dropping a question regarding this matter.

    Could there be any Azure WAF rules that can identify and block such exploit for the time being?

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.