Helpful Log4J Information

On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical (CVSSv3 10) remote code execution (RCE) vulnerability affecting Apache Log4j 2.14.1 and earlier versions. Detailed analysis and information on what is available for Rapid7 customers are all available in this blog post, which will be updated as there is additional information.

Website for additional information surrounding Log4J:

IDR Query for Process Start Events:
where(process.cmd_line iCONTAINS-ANY ["log4j-", "log4j."] OR parent_process.cmd_line iCONTAINS-ANY ["log4j.", "log4j-"]) groupby(hostname) calculate(unique:hostname) limit(1000)

or you could try the following query with similar results:

where(process.cmd_line, parent_process.cmd_line iCONTAINS-ANY ["log4j-", "log4j."]) groupby(hostname) calculate(unique:hostname) limit(1000)

Full Rapid7 Blog:

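To show what the process-start query above actually selects, here is an added Python re-implementation of its logic over a handful of constructed process-start events (example code, not Rapid7's query engine; the flattened field names and the sample command lines are assumptions):

```python
from typing import Dict, Iterable, List, Optional

# Constructed sample process-start events (not real telemetry). Field names
# mirror the InsightIDR query on this page, flattened to plain dict keys.
SAMPLE_EVENTS: List[Dict[str, Optional[str]]] = [
    {"hostname": "app01",
     "process.cmd_line": "java -cp /opt/app/lib/log4j-core-2.14.1.jar:/opt/app/app.jar com.example.Main",
     "parent_process.cmd_line": "/bin/bash /opt/app/run.sh"},
    {"hostname": "app01",  # same host again: must be counted once
     "process.cmd_line": "java -Dlog4j.configurationFile=/etc/app/log4j2.xml -jar /opt/app/app.jar",
     "parent_process.cmd_line": "systemd"},
    {"hostname": "web02",  # upper-case jar name: iCONTAINS is case-insensitive
     "process.cmd_line": "C:\\jdk\\bin\\java.exe -cp C:\\svc\\LOG4J-API-2.11.2.jar;C:\\svc\\svc.jar svc.Main",
     "parent_process.cmd_line": "services.exe"},
    {"hostname": "db03",
     "process.cmd_line": "postgres -D /var/lib/pgsql/data",
     "parent_process.cmd_line": "systemd"},
    {"hostname": "build04",  # hit comes from the parent's command line only
     "process.cmd_line": "/bin/sh -c ./gradlew test",
     "parent_process.cmd_line": "java -cp /opt/agent/log4j-1.2.17.jar -jar /opt/agent/agent.jar"},
    {"hostname": "ws05",  # "log4jreview" has no trailing '-' or '.', so no hit
     "process.cmd_line": "notepad.exe log4jreview.txt",
     "parent_process.cmd_line": "explorer.exe"},
]

# The two substrings the page's query searches for.
PATTERNS = ["log4j-", "log4j."]


def icontains_any(value: Optional[str], patterns: Iterable[str]) -> bool:
    """iCONTAINS-ANY: case-insensitive 'contains any of', tolerating a missing field."""
    if not value:
        return False
    lowered = value.lower()
    return any(p.lower() in lowered for p in patterns)


def matches(event: Dict[str, Optional[str]]) -> bool:
    """The where() clause: process OR parent process command line contains a pattern."""
    return (icontains_any(event.get("process.cmd_line"), PATTERNS)
            or icontains_any(event.get("parent_process.cmd_line"), PATTERNS))


def hosts_with_log4j_in_cmdline(events: Iterable[Dict[str, Optional[str]]],
                                limit: int = 1000) -> List[str]:
    """groupby(hostname) calculate(unique:hostname) limit(N): unique hosts, first-seen order."""
    seen: List[str] = []
    for ev in events:
        if matches(ev) and ev["hostname"] not in seen:
            seen.append(ev["hostname"])
            if len(seen) >= limit:
                break
    return seen
```

The substrings match any Log4j artefact on a command line, including 1.x jars and the log4j.configurationFile system property, so each hit still needs version triage against the 2.14.1-and-earlier range the post describes; a Log4j copy bundled inside an application jar leaves no trace in the command line and is not caught this way.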

This is our current resource center for Log4j:


A comprehensive Rapid7 blog post with details on Log4j, the updates we’ve released, and further developments as they come in.


A complete guide to scanning for log4j:


We’re conducting webinars where we dive into more detail on detecting log4j. If you want to sign up for one of these webinars on Monday or Tuesday next week:

Monday webinar - Webinar Registration - Zoom
Tuesday webinar - Webinar Registration - Zoom


Details on using InsightVM to detect this vuln:


A list of our products and tools and whether there is any action required on your part. No action is needed in the majority of cases.


Step-by-step instructions on how to configure a scan template, scan, and determine impact:

https://docs.rapid7.com/insightvm/apache-log4j/