Alibaba Cloud is aware of the recently disclosed security issue related to the open-source Apache “Log4j2" utility (CVE-2021-44228). The exploit enables remote code execution of this vulnerability, facilitating a complete server takeover. We strongly recommend customers that manage environments containing the Log4j2 update to the latest version of Apache Log4j 2.15.0 as soon as possible to prevent vulnerability attacks.
The version of Apache Log4j affected this time is 2.x <2.15.0. The impact of each security flaw is critical. The Alibaba Cloud Security Team has verified the vulnerability impacts the default configurations of many Apache frameworks, including Apache Struts2, Apache Solr, Apache Druid, Apache Flink, SpringBoot, etc.
WAF has been equipped with JNDI injection protection on the original system. The protection rules for JNDI injection of Apache Log4j 2.x have been updated.
Cloud Firewall prevents this vulnerability by 8turning on the blocking mode with one click and intercepting log4j2 attacks automatically. Applying virtual patching* avoids business interruptions from application repair and restart.
The Alibaba Cloud Security Center Application Vulnerability Module supports the one-click detection and repair of log4j2 on the host, repairing multiple hosts affected by the vulnerability at the same time and saving time for users to repair the vulnerability.
Fill in the 30-day security product trial and consultation form or contact us directly to apply for free DDoS protection, WAF, Cloud Security Center, managed security service, and security consultation service.
Wyingo Makes Overseas Shopping as Smooth as Silk with Alibaba Cloud
1,042 posts | 256 followers
FollowAlibaba Cloud Security - December 25, 2018
Alibaba Cloud Community - June 14, 2024
Ced - November 6, 2024
Alibaba Clouder - May 17, 2019
Alibaba Cloud Native Community - January 5, 2023
Alibaba Cloud Community - February 28, 2022
1,042 posts | 256 followers
FollowThis solution helps you easily build a robust data security framework to safeguard your data assets throughout the data security lifecycle with ensured confidentiality, integrity, and availability of your data.
Learn MoreAlibaba Cloud is committed to safeguarding the cloud security for every business.
Learn MoreExplore Web Hosting solutions that can power your personal website or empower your online business.
Learn MoreIndustry-standard hardware security modules (HSMs) deployed on Alibaba Cloud.
Learn MoreMore Posts by Alibaba Cloud Community