Apache Server vulnerability could have far-reaching effects

Apache Server Schwachstelle kann weitreichende Auswirkungen haben

Log4j Patch

Chaos around Apache Log4Shell

Chris Dobrec, VP Product Marketing at Armis

Chris Dobrec, VP Product Marketing at Armis

Apache servers are among the top five most used web servers. Cybercriminals are currently actively trying to exploit the new zero-day vulnerability CVE-2021-44228 in its Java-based Lo4j logging framework. The ubiquitous, open-source Apache framework is used by developers to log the activities within an application. Most applications are no longer running in Java for end users. Otherwise, there are still countless enterprise applications and cloud services where Java is heavily used.

This vulnerability can have a far-reaching impact on any company. Apache is used in a large number of applications and services throughout the enterprise. The challenge is that the affected systems can contain both standard software and custom applications, so the impact can be far-reaching.

Apache has released Log4j 2.15.0 to fix the vulnerability. It is therefore essential that companies check their environment as soon as possible to find out which systems are vulnerable and adapt these systems accordingly.

Security teams must address this critical vulnerability with a defense-in-depth approach and immediately take the following steps. You should start scanning the entire environment to find all applications vulnerable to the Log4j vulnerability. Once these applications are identified, it is important to install the update to fix the specific vulnerability. To protect against possible exploitation in the cloud environment, it is important that you also apply updated rules to your WAF. As a result, there is no way to exploit these resources while patching is being completed.

Ready to see us in action:

More To Explore

Enable registration in settings - general
Have any project in mind?

Contact us: