Apache Log4j 2 vulnerability

Balayuvaraj M 31 Reputation points
2021-12-11T11:08:27.73+00:00

Can anyone provide the solution to remediate this vulnerability on Windows servers? What are the steps to perform to avoid this vulnerability?

Windows Server

2 answers

  1. SUNOJ KUMAR YELURU 13,941 Reputation points MVP
    2021-12-11T13:05:59.783+00:00

    Hi @Balayuvaraj M

    Fixed in Log4j 2.15.0

    Versions Affected: all versions from 2.0-beta9 to 2.14.1

    How to Mitigate CVE-2021-44228
    To mitigate, the following options are available (see the advisory from Apache here):

    1. Upgrade to log4j v2.15.0
    2. If you are using log4j v2.10 or above, and cannot upgrade, then set the property log4j2.formatMsgNoLookups=true
    3. Or remove the JndiLookup class from the classpath. For example, you can run a command like zip -q -d log4j-core-*.jar org/apache/logging/log4j/core/lookup/JndiLookup.class to remove the class from the log4j-core.

    If the Answer is helpful, please click Accept Answer and up-vote, so that it can help others in the community looking for help on similar topics.
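
A PowerShell take on options 1 and 3 for Windows servers, where `zip` is usually not installed: find log4j-core JARs, report whether each falls in the affected range, and strip JndiLookup.class from one. This is an added example, not part of the original answer or of the Apache advisory; the function names and the D:\Apps path are hypothetical, and the version range is the one quoted in the answer.

```powershell
# Added example (not from the original answer). Function names are hypothetical.
Add-Type -AssemblyName System.IO.Compression.FileSystem
$JndiEntry = 'org/apache/logging/log4j/core/lookup/JndiLookup.class'

function Test-Log4jAffectedVersion {
    param([string]$Version)
    # Range quoted in the answer: 2.0-beta9 through 2.14.1, fixed in 2.15.0.
    if ($Version -notmatch '^2\.(\d+)(?:\.\d+)?(?:-(.+))?$') { return $false }
    $minor = [int]$Matches[1]
    $qualifier = $Matches[2]
    if ($minor -ge 15) { return $false }
    # 2.0 pre-releases older than beta9 fall outside the quoted range.
    if ($minor -eq 0 -and $qualifier -match '^(alpha\d*|beta[1-8])$') { return $false }
    return $true
}

function Get-Log4jCoreStatus {
    param([Parameter(Mandatory)][string]$Root)
    Get-ChildItem -Path $Root -Filter 'log4j-core-*.jar' -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            $version = $_.BaseName -replace '^log4j-core-', ''
            $zip = [System.IO.Compression.ZipFile]::OpenRead($_.FullName)
            try { $hasJndi = $null -ne $zip.GetEntry($JndiEntry) }
            finally { $zip.Dispose() }
            [pscustomobject]@{
                Path            = $_.FullName
                Version         = $version
                InAffectedRange = Test-Log4jAffectedVersion $version
                JndiLookupInJar = $hasJndi
            }
        }
}

function Remove-JndiLookupClass {
    param([Parameter(Mandatory)][string]$JarPath)
    # .NET resolves relative paths against the process directory, so use the full path.
    $JarPath = (Resolve-Path -LiteralPath $JarPath).Path
    Copy-Item -LiteralPath $JarPath -Destination "$JarPath.bak"   # keep a backup
    $zip = [System.IO.Compression.ZipFile]::Open($JarPath, [System.IO.Compression.ZipArchiveMode]::Update)
    try {
        $entry = $zip.GetEntry($JndiEntry)
        if ($entry) { $entry.Delete(); return $true }   # same effect as zip -q -d
        return $false
    } finally { $zip.Dispose() }
}

# Constructed usage; D:\Apps is a placeholder path:
#   Get-Log4jCoreStatus -Root 'D:\Apps' | Format-Table -AutoSize
```

The scan only matches files named log4j-core-*.jar, so copies bundled inside WAR files or fat JARs are not found. After removing the class, restart the Java application so the running JVM stops using the already loaded copy.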


  2. Solveryn 1 Reputation point
    2021-12-11T13:55:55.967+00:00

    Hi, also dropping a question regarding this matter.

    Could there be any Azure WAF rules that can identify and block such an exploit for the time being?