Customer Alert 20191225

By Apostolos Giannakidis. January 10, 2020 / January 16, 2020. Alerts

Apache Log4j CVE-2019-17571 RCE vulnerability can be remotely exploited by attackers; Waratek customers are protected by a default rule

The Apache Software Foundation has announced CVE-2019-17571, a Remote Code Execution (RCE) flaw in the SocketServer component of multiple versions of the popular Log4j library. Log4j 1.2's SocketServer and SimpleSocketServer accept TCP connections from SocketAppender clients and hand each one to a SocketNode, which wraps the socket in a plain ObjectInputStream and calls readObject() to recover the serialized LoggingEvent. Nothing authenticates the client or restricts which classes may be deserialized, so an attacker who can reach the listening port can send a crafted serialized object graph (a gadget chain assembled from classes already on the application's classpath) and execute arbitrary code in the context of the affected application. Failed exploit attempts are still likely to result in Denial-of-Service conditions.

Technologies Affected

  • Apache Log4j 1.2
  • Apache Log4j 1.2.13
  • Apache Log4j 1.2.17
  • Apache Log4j 1.2.6
  • Apache Log4j 1.2.7
  • Apache Log4j 1.2.8
  • Apache Log4j 1.2.9
  • Redhat JBoss Enterprise Application Platform 5.0

A similar flaw in the Log4j 2.x SocketServer was assigned CVE-2017-5645 and was fixed in Log4j 2.8.2, which restricted the classes its deserialization will accept; the 1.2.x code never received an equivalent change.

Action Steps
Waratek Secure and Waratek Enterprise customers are already protected by the deserial/marshal rule that is part of the standard protection in the Waratek application security platform. Waratek rules provide protection against known and zero-day attacks with zero configuration and no source code changes. This out-of-the-box zero-day protection covers not only the Apache-supported Log4j 2.x versions but also the end-of-life Log4j 1.2.x release line.

Non-Waratek customers are advised to upgrade the vulnerable software. The 1.2.x branch has been end-of-life upstream since August 2015 and will not receive a fix for this issue from Apache, so users should migrate to Log4j 2.x as soon as possible. In the meantime, note that the vulnerable code only runs if the application actually starts a Log4j socket server (SocketServer or SimpleSocketServer, usually launched as a separate JVM from the command line) that listens on a TCP port; merely having log4j-1.2.x.jar on the classpath, or using SocketAppender to send events to a collector, does not expose this entry point. Check with jps -l (or ps) whether any JVM runs one of these main classes, check whether its port is reachable from untrusted networks, and restrict that port to known log sources until the migration is complete.
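The receiver pattern described in the vulnerability summary above, and the kind of interim hardening the action steps call for, as an added example that is not Waratek's or Log4j's own code. readUnfiltered() has the same shape as the stream handling in org.apache.log4j.net.SocketNode; readFiltered() and serve() apply a class allowlist at the ObjectInputStream boundary. The class names in ALLOWED are an assumption about what a Log4j 1.2 LoggingEvent stream carries, and the Hashtable/ArrayList inputs in main() are constructed stand-ins; the port number is illustrative.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InvalidClassException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamClass;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;

// Added illustration, not Waratek's or Log4j's code.
public class HardenedLogReceiver {

    // Vulnerable shape (as in SocketNode): any Serializable class on the classpath
    // may be instantiated, so a crafted stream can drive a gadget chain before the
    // caller ever casts the result to LoggingEvent.
    static Object readUnfiltered(InputStream in) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(in)) {
            return ois.readObject();
        }
    }

    // Assumed allowlist for a Log4j 1.2 LoggingEvent stream: the event, its optional
    // throwable/location details, the MDC copy and the String[] of stack trace lines.
    // Tune this against real traffic; anything not listed is rejected.
    static final Set<String> ALLOWED = new HashSet<>(Arrays.asList(
            "org.apache.log4j.spi.LoggingEvent",
            "org.apache.log4j.spi.ThrowableInformation",
            "org.apache.log4j.spi.LocationInfo",
            "java.util.Hashtable",
            "[Ljava.lang.String;"));

    // resolveClass() is consulted for every class descriptor before an instance of
    // that class exists, which is the last point at which a gadget can be refused.
    static final class FilteringObjectInputStream extends ObjectInputStream {
        FilteringObjectInputStream(InputStream in) throws IOException {
            super(in);
        }

        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc)
                throws IOException, ClassNotFoundException {
            if (!ALLOWED.contains(desc.getName())) {
                throw new InvalidClassException(desc.getName(), "not allowed in log event stream");
            }
            return super.resolveClass(desc);
        }
    }

    static Object readFiltered(InputStream in) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new FilteringObjectInputStream(in)) {
            return ois.readObject();
        }
    }

    // Receiver loop in the shape of SocketNode.run(): one connection carries many
    // events, but every readObject() now goes through the allowlist.
    static void serve(int port) throws IOException {
        try (ServerSocket server = new ServerSocket(port)) {
            while (true) {
                try (Socket client = server.accept();
                     ObjectInputStream ois = new FilteringObjectInputStream(client.getInputStream())) {
                    while (true) {
                        Object event = ois.readObject();
                        System.out.println("accepted " + event.getClass().getName());
                    }
                } catch (InvalidClassException e) {
                    System.err.println("rejected stream: " + e.getMessage());
                } catch (IOException | ClassNotFoundException e) {
                    System.err.println("connection closed: " + e);
                }
            }
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: an empty Hashtable stands in for the MDC copy an event
        // carries (allowed); an ArrayList stands in for an attacker-chosen class
        // (harmless here, but exactly what the filter has to refuse).
        byte[] allowed = serialize(new Hashtable<String, String>());
        byte[] hostile = serialize(new ArrayList<String>());

        System.out.println("unfiltered accepts: " + readUnfiltered(new ByteArrayInputStream(hostile)).getClass().getName());
        System.out.println("filtered accepts:   " + readFiltered(new ByteArrayInputStream(allowed)).getClass().getName());
        try {
            readFiltered(new ByteArrayInputStream(hostile));
        } catch (InvalidClassException e) {
            System.out.println("filtered rejects:   " + e.getMessage());
        }
        if (args.length == 1) {
            serve(Integer.parseInt(args[0])); // e.g. java HardenedLogReceiver 4712
        }
    }
}
```

Compile with javac and run without arguments to see the unfiltered stream accept the ArrayList while the filtered stream rejects it with an InvalidClassException; pass a port to run the receiver loop. The same allowlist idea can be applied to an unmodified SocketServer process through the JDK's serialization filter (-Djdk.serialFilter, JEP 290, available on Java 9 and 8u121 or later), but that filter is process-wide, so validate it against everything else the JVM deserializes. Either way this is risk reduction, not a fix: the filter constrains which classes ObjectInputStream will instantiate, not what the allowed classes' own readObject methods do (LoggingEvent's readObject, for instance, resolves the Level class by a name read from the stream), so the port still belongs behind a firewall rule that admits only known log sources until the application is on Log4j 2.x.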

For more information about how Waratek protects against CVE-2019-17571, please contact your Waratek representative or schedule a demonstration.

About Waratek
Some of the world's leading companies use Waratek's ARMR Security Platform to patch, secure and upgrade their mission-critical applications. A pioneer in the next generation of application security solutions, Waratek makes it easy for security teams to instantly detect and remediate known vulnerabilities with no downtime, protect their applications from known and zero-day attacks, and virtually upgrade out-of-support Java applications, all without time-consuming and expensive source code changes or unacceptable performance overhead.

Waratek is the Cybersecurity Breakthrough Awards' 2019 Overall Web Security Solution of the Year, a previous winner of the RSA Innovation Sandbox Award, and the recipient of more than a dozen other awards and recognitions. For more information, visit www.waratek.com.

Author: Apostolos Giannakidis

Apostolos drives the research and design of the security features of Waratek's RASP container. Before joining Waratek in 2014, Apostolos worked at Oracle for two years, focusing on destructive testing across the whole Oracle technology stack and on security testing of the Solaris operating system. He has more than 10 years of experience in the software industry and holds an MSc in Computer Science from the University of Birmingham. Apostolos is acknowledged by Oracle for submitting two Java deserialization vulnerabilities that were fixed in the Oracle January 2018 CPU and is featured in Google's Vulnerability Reward Program Hall of Fame.
