Helpful Log4J Information

On December 10, 2021, Apache released version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228, a critical (CVSSv3 10) remote code execution (RCE) vulnerability affecting Apache Log4j 2.14.1 and earlier versions. Detailed analysis and information on what is available for Rapid7 customers are all available in this blog post, which will be updated as there is additional information.

Website for additional information surrounding Log4J:

IDR Query for Process Start Events:
where(process.cmd_line iCONTAINS-ANY [“log4j-”, “log4j.”] OR parent_process.cmd_line iCONTAINS-ANY [“log4j.”, “log4j-”])groupby(hostname) calculate(unique:hostname) limit(1000)

or you could try the the following query with similar results:

where(process.cmd_line, parent_process.cmd_line iCONTAINS-ANY [“log4j-”, “log4j.”])groupby(hostname) calculate(unique:hostname) limit(1000)

Full Rapid7 Blog:


This is our current resource center for Log4j:

A comprehensive Rapid7 blog post with details on Log4j, the updates we’ve released, and further developments as they come in.

A complete guide to scanning for log4j:

We’re conducting webinars where we dive into more detail on detecting log4j. If you want to sign up for one of these webinars on Monday or Tuesday next week:

Monday webinar - Webinar Registration - Zoom
Tuesday webinar - Webinar Registration - Zoom

Details on using InsightVM to detect this vuln:

A list of our products and tools and whether there is any action required on your part. No action is needed in the majority of cases.

Step-by-step instructions on how to configure a scan template, scan, and determine impact: