Are you currently experiencing an attack?

Are you currently experiencing an attack?

Securing a Critical Apache Log Vulnerability

A critical vulnerability has been discovered in Apache Log4j 2. We have sent out a custom WAF signature to all Reblaze customers that will protect against it.

About the vulnerability

Apache Log4j 2 is a widely used logging framework for Apache. Developers can use it for logging configuration messages, runtime information, errors, and other forms of input.

Starting with version 2.10, Log4j2 has a critical vulnerability where attackers can use LDAP for RCE (Remote Code Execution) on the target’s server. This vulnerability was closed a few days ago in version 2.15, but users will be at risk until their systems are updated. 

Log4j2 is a very popular framework, used across a wide variety of applications. This vulnerability means that a large number of Apache users are currently vulnerable to an RCE attack.

About the Reblaze update

This vulnerability is not in the Reblaze platform. We have rolled out a custom WAF signature to our customers, to protect them against it. If threat actors attempt to exploit this vulnerability, Reblaze will detect and block them.

Although the WAF signature will block exploit attempts, we also recommend that our customers update to the latest version of Log4j2 immediately.

Our support team is currently reaching out to our customers, to ensure that all of their systems are configured to use the signature and are properly secured against this threat. We can also help scan your systems if you’d like to verify that you’re safe.  

If you have any questions, please feel free to contact us.

Get your price quote

Fill out your email below, and we will send you a price quote tailored to your needs

This website uses cookies to ensure you get the best experience on our website.