Hunting and tracking remediation of Log4Shell (CVE-2021-44228)

Posted by Nick Anderson
December 22, 2021

The internet has been ablaze since the announcement of Log4Shell, the nickname for CVE-2021-44228, an arbitrary remote code execution vulnerability in the Java logging utility Log4j. So far two additional vulnerabilities (CVE 2021-45046, CVE-2021-45105) have been identified.

If you are interested in how the vulnerability works, this graphic from SecurityZines explains it well:

The code has been vulnerable since 2013 and millions of hosts and services are affected. The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on December 17th, 2021 ordering all civilian federal agencies to take a series of measures to identify, patch, or mitigate vulnerable systems. Agencies have until 5pm EST on December 23rd, 2021 to comply with the requirements of the directive.

Many projects have been kicked off in pursuit of hunting down and remediating affected instances. As the deadline fast approaches, we wanted to show how CFEngine can be used in combination with these other projects to facilitate identifying potentially vulnerable instances of log4j within your infrastructure and decided to publish a module, cve-2021-44228-log4j to help you identify potentially affected instances within CFEngine managed infrastructure and track remediation efforts.

Get in touch with us
to discuss how we can help!
Contact us
Sign up for
our newsletter
By signing up, you agree to your e-mail address being stored and used to receive newsletters about CFEngine