Share

Apache Log4j CVE-2019-17571 RCE vulnerability can be remotely exploited by attackers Waratek customers are protected by default rule

The Apache Foundation has announced CVE-2019-17571, a Remote Code Execution (RCE) flaw in the SocketServer component in multiple versions of the popular Log4j library. Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application. Failed exploits will result in Denial-of-Service conditions.

 

Technologies Affected

  • Apache Log4j 1.2
  • Apache Log4j 1.2.13
  • Apache Log4j 1.2.17
  • Apache Log4j 1.2.6
  • Apache Log4j 1.2.7
  • Apache Log4j 1.2.8
  • Apache Log4j 1.2.9
  • Redhat JBoss Enterprise Application Platform 5.0

A similar flaw found in Log4j 2.x has been assigned CVE-2017-5645.

 

References

 

Action Steps
Waratek Secure and Waratek Enterprise customers are already protected by the deserial/marshal rule that is standard protection in the Waratek application security platform. Waratek rules provide protection against known and zero-day attacks with zero configuration and no source code changes. Waratek’s out-of-the-box zero-day protection not only protects the Apache supported Log4j 2.x versions but also protects the Apache end-of-life Log4j 1.2.x release line.

Non-Waratek customers are advised to upgrade their versions of the vulnerable software. 1.2.x branch is end-of-life upstream and does not receive a fix for this issue by Apache. Users should upgrade to Log4j 2.x as soon as possible.

For more information about how Waratek protects against CVE-2019-17571, please contact your Waratek representative or schedule a demonstration.

 

About Waratek
Some of the world’s leading companies use Waratek’s ARMR Security Platform to patch, secure and upgrade their mission critical applications. A pioneer in the next generation of application security solutions, Waratek makes it easy for security teams to instantly detect and remediate known vulnerabilities with no downtime, protect their applications from known and Zero Day attacks, and virtually upgrade out-of-support Java applications – all without time consuming and expensive source code changes or unacceptable performance overhead.

Waratek is the Cybersecurity Breakthrough Award’s 2019 Overall Web Security Solution of the Year, is a previous winner of the RSA Innovation Sandbox Award, and more than a dozen other awards and recognitions. For more information, visit www.waratek.com.