ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-15T08:49:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"author\" content=\"Jie Ji\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jie Ji\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"},\"author\":{\"name\":\"Jie Ji\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\"},\"headline\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert\",\"datePublished\":\"2021-12-15T08:49:33+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"},\"wordCount\":2101,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"keywords\":[\"ApacheLog4j\",\"CVE-2021-44228\"],\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\",\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"datePublished\":\"2021-12-15T08:49:33+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"width\":366,\"height\":206,\"caption\":\"Apache\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\",\"name\":\"Jie Ji\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"caption\":\"Jie Ji\"},\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/jji\\\/\"}]}<\/script>\n","yoast_head_json":{"title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","og_description":"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the","og_url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","og_site_name":"NSFOCUS","article_published_time":"2021-12-15T08:49:33+00:00","article_modified_time":"2026-04-17T18:07:45+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","type":"","width":"","height":""}],"author":"Jie Ji","twitter_card":"summary_large_image","twitter_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","twitter_description":"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","twitter_misc":{"Escrito por":"Jie Ji","Est. tempo de leitura":"10 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"},"author":{"name":"Jie Ji","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b"},"headline":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert","datePublished":"2021-12-15T08:49:33+00:00","dateModified":"2026-04-17T18:07:45+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"},"wordCount":2101,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","keywords":["ApacheLog4j","CVE-2021-44228"],"articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","datePublished":"2021-12-15T08:49:33+00:00","dateModified":"2026-04-17T18:07:45+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","width":366,"height":206,"caption":"Apache"},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b","name":"Jie Ji","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","caption":"Jie Ji"},"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/jji\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=18752"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18752\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/9701"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=18752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=18752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=18752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":18752,"date":"2021-12-15T08:49:33","date_gmt":"2021-12-15T08:49:33","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=18752"},"modified":"2026-04-17T18:07:45","modified_gmt":"2026-04-17T18:07:45","slug":"apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","title":{"rendered":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert"},"content":{"rendered":"\n

Overview<\/h2>\n\n\n\n
On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by sending a specially constructed data request packet. The vulnerability PoC has been disclosed on the Internet and can be exploited with default configuration. As the vulnerability has a wide range of effects, NSFOCUS strongly recommends that users take measures to troubleshoot and prevent it as soon as possible.<\/p>\n\n\n\n
On December 10, NSFOCUS CERT found that for ApacheLog4j2.15.0-rc1 version, only LDAP was patched and host whitelist was added, which can be bypassed in non-default configurations. Thus, ApacheLog4j2.15.0-rc2 (the same as the stable version 2.15.0) was officially released to handle urI exceptions.<\/p>\n\n\n\n
On December 12, ApacheLog4j2.15.1-rc1 was officially released, which directly disabled the JNDI function. If the lookup function is required, it is recommended to upgrade to this version and manually set log4j2.formatMsgNoLookups to false as default.<\/p>\n\n\n\n
On December 13, Apache Log4j 2.16.0-rc1 (the same as the stable version 2.16.0) was officially released, which completely removes the vulnerable Message lookups function based on Apache Log4j 2.15.1-rc1.<\/p>\n\n\n\n
On December 14, Apache Log4j 2.12.2-rc1 was released. JNDI and Lookup functions are disabled by default, and Java 7 is supported.<\/p>\n\n\n\n
Apache Log4j2 is an open source Java logging framework and widely used in middleware, development framework and web applications to record log information.<\/p>\n\n\n\n
Screenshot of recurrence of vulnerability:<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
Screenshot of recurrence of Log4j 2.15.0-rc1 bypass:<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
Vulnerability details<\/strong><\/td> Vulnerability <\/strong>PoC<\/strong><\/td> Vulnerability <\/strong>EXP<\/strong><\/td> Use out of office<\/strong><\/td><\/tr>
Published<\/strong><\/strong><\/td> Published<\/strong><\/strong><\/td> Published<\/strong><\/strong><\/td> exist<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Reference link: https:\/\/issues.apache.org\/jira\/projects\/LOG4J2\/issues\/LOG4J2-3201?filter=allissues<\/a><\/p>\n\n\n\n
Scope of impact<\/h2>\n\n\n\n
Affected version<\/strong><\/p>\n\n\n\n
2.0-beta9 <= Apache Log4j <= 2.15.0-rc1ï¼ˆCVE-2021-44228ï¼‰<\/li>
Apache Log4j =1.2ï¼ˆCVE-2021-4104ï¼‰<\/li><\/ul>\n\n\n\n
Noteï¼š<\/strong><\/p>\n\n\n\n
In Apache Log4j 1.2, there is a JMSAppender deserialization Code Execution Vulnerability (CVE-2021-4104) in a specific configuration. When attackers have permission to modify Log4j configuration, JMSAppender is vulnerable to deserialization of untrusted data. Attackers can execute JNDI requests using JMSAppender in the specific configuration, causing remote code execution. Reference link: https:\/\/www.mail-archive.com\/announce@apache.org\/msg06936.html<\/a><\/li><\/ol>\n\n\n\n
Mitigation measures:<\/p>\n\n\n\n
1) Comment out or delete JMSAppender in the Log4j configuration.<\/p>\n\n\n\n
2) Use the following command to delete JMSAppender class file from the Log4j jar package:<\/p>\n\n\n\n
zip -q -d log4j-.jar org\/apache\/log4j\/net\/JMSAppender.class<\/p>\n\n\n\n
3) Restrict system users’ access to the application platform to prevent attackers from modifying Log4j configuration. <\/p>\n\n\n\n
In ApacheLog4j2.15.0-rc1 version, log4j2.formatMsgNoLookups is officially set to true as default. Under this default configuration, Log4j2.15.0-rc1 version is not affected by the vulnerability.<\/li><\/ol>\n\n\n\n
Scope of supply chain impact<\/strong>ï¼š<\/strong><\/p>\n\n\n\n
According to unauthorized statistics, there are more than 170K open source components that directly and indirectly reference Log4j;<\/p>\n\n\n\n
Reference of Layer 1-4 of Log4j: there are 6960 components that directly reference Log4j, more than 30K referencing the second layer, more than 90K referencing the third layer and more than 160K referencing the fourth layer. Over 173,200 open source components are affected by Log4j vulnerabilities totally.<\/p>\n\n\n\n
Known affected applications and componentsï¼š<\/p>\n\n\n\n
Most VMware products<\/li>
Jedis<\/li>
Logging<\/li>
Logstash<\/li>
HikariCP<\/li>
Hadoop Hive<\/li>
ElasticSearch<\/li>
Apache Solr<\/li>
Apache Struts2<\/li>
Apache Flink<\/li>
Apache Druid<\/li>
Apache Log4j SLF4J Binding<\/li>
spring-boot-strater-log4j2<\/li>
Camel :: Core<\/li>
JBoss Logging 3<\/li>
JUnit Vintage Engine<\/li>
WSO2 Carbon Kernel Core<\/li><\/ul>\n\n\n\n
Refer to the following links for more componentsï¼š<\/p>\n\n\n\n
https:\/\/mvnrepository.com\/artifact\/org.apache.logging.log4j\/log4j-core\/usages?p=1<\/a><\/p>\n\n\n\n
Unaffected version<\/strong><\/p>\n\n\n\n
Apache Log4j 2.15.0-rc2 (the same as the stable version 2.15.0)<\/li>
Apache Log4j 2.15.1-rc1<\/li>
Apache Log4j 2.16.0-rc1 (the same as the stable version 2.16.0)<\/li>
Apache Log4j 2.12.2-rc1 (Java 7 supported)<\/li><\/ul>\n\n\n\n
Vulnerability Detection<\/h2>\n\n\n\n
Manual detection<\/strong><\/p>\n\n\n\n
Users can judge by checking whether org\/apache\/logging\/log4j<\/strong> related path structure is contained after Java jar<\/strong> decompression. If there are relevant Java packages, the vulnerability is likely to exist.<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
If the program is packaged with Maven<\/strong>, you can check whether the pom.xml<\/strong> file of the project contains the following fields. If the version number is less than 2.15 0-rc2 (beta) or 2.15.0 (stable), the vulnerability exists.<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
If the program is packaged with gradle<\/strong>, you can check build.gradle<\/strong> Compile configuration file. If org.apache.logging.log4j<\/strong> related fields exists in the dependencies section, and the version number is less than 2.15 0-rc2 (beta) or 2.15.0 (stable), the vulnerability exists.<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
Attack troubleshooting<\/strong><\/p>\n\n\n\n
Attackers usually scan and detect by dnslog<\/strong> before exploitation. Common exploit methods can be checked by using the keywords “javax.naming.CommunicationException<\/strong>“, “javax.naming.NamingException: problem generating object using object factory<\/strong>” and “Error looking up JNDI resource<\/strong>” in the application system error log.<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
There may be “${jndi:}<\/strong>” in the data packet sent by the attacker. It is recommended to use NSFOCUS ISOP or Web Application Firewall for retrieval and troubleshooting.<\/p>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
Product detection<\/strong><\/p>\n\n\n\n
NSFOCUSâ€™s Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS), Industrial Control Systems Vulnerability Scanning System (ICSScan), Network Intrusion Detection System (IDS) and United Threat System (UTS) have the ability to scan and detect the vulnerability. Please upgrade to the latest version if you have deployed the above devices.<\/p>\n\n\n\n
<\/td> Upgraded package version number<\/strong><\/td> Upgrade package download link<\/td><\/tr>
RSAS V6 System plug-in package<\/strong><\/td> V6.0R02F01.2509 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121999 <\/td><\/tr>
RSAS V6 Web plug-in package<\/strong><\/td> V6.0R02F00.2408<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122079<\/td><\/tr>
WVSS V6 upgraded plug-in package<\/strong><\/td> V6.0R03F00.234<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122081<\/td><\/tr>
ICSScan V6.0 system plug-in package<\/strong><\/td> V6.0R00F04.2405<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122116<\/td><\/tr>
ICSScan V6.0 <\/strong> Web plug-in package<\/strong><\/td> V6.0R00F04.2306<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122127<\/td><\/tr>
IDS<\/strong><\/td> 5.6.11.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122010<\/td><\/tr>
<\/td> 5.6.10.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122009<\/td><\/tr>
<\/td> 5.6.9.26706 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122008 <\/td><\/tr>
UTS<\/strong><\/td> 5.6.10.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122103<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Apply for cloud detection<\/strong><\/p>\n\n\n\n
NSFOCUS provides users with remote detection services. Due to certain risks in the detection of this vulnerability, if relevant users need to apply for cloud detection, please contact the sales or project manager, or send an email to support@nsfocusglobal.COM with personal company email address, provide the list of assets to be scanned, the scanning time slotand contactinformation in the text, and we will contact you.<\/p>\n\n\n\n
7x24h Customer service hotline: 400-818-6868 Ext 2<\/p>\n\n\n\n
Vulnerability Protection<\/h2>\n\n\n\n
Official upgrade<\/strong><\/p>\n\n\n\n
At present, several fixed versions have been released for CVE-2021-44228. The update contents of different versions are slightly different. Affected users can choose corresponding upgraded versions according to needs. Download linkï¼šhttps:\/\/github.com\/apache\/logging-log4j2\/tags<\/a><\/p>\n\n\n\n
Apache Log4j Version number<\/strong><\/td> Version update description<\/strong><\/td><\/tr>
Apache Log4j 2.15.0-rc1<\/td> Fixed LDAP and added host whitelistï¼›can be bypassed when manually opening Lookup<\/td><\/tr>
Apache Log4j 2.15.0-rc2<\/td> The handling of URI exceptions is enhanced to further fix the vulnerability.<\/td><\/tr>
Apache Log4j 2.15.0 stable version<\/td> The handling of URI exceptions is enhanced to further fix the vulnerability.<\/td><\/tr>
Apache Log4j 2.15.1-rc1<\/td> The default configuration disables JNDI and Lookup functions.<\/td><\/tr>
Apache Log4j 2.16.0-rc1<\/td> The default configuration disables the JNDI function and completely removes the support for the vulnerable Message Lookups function.<\/td><\/tr>
Apache Log4j 2.16.0 stable version<\/td> The default configuration disables the JNDI function and completely removes the support for the vulnerable Message Lookups function.<\/td><\/tr>
Apache Log4j 2.12.2-rc1<\/td> The default configuration disables JNDI and Lookup functions, and this version supports Java 7.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Note:<\/p>\n\n\n\n
In ApacheLog4j2.15.0-rc1 version, log4j2.formatMsgNoLookups is officially set to true as default. Without manually opening Lookup, Log4j2.15.0-rc1 version is not affected by the vulnerability.<\/li>
It is recommended that affected users upgrade all Apache log4j related applications to ApacheLog4j2.15.0-rc2 (Beta) or Apache Log4j 2.15.0 (Stable) and above version. (the stable version is recommended)<\/li>
Please confirm whether relevant businesses require the Lookup function. If required, please manually set log4j2.formatMsgNoLookups to false as default after upgrading to ApacheLog4j2.15.1-rc1.<\/li>
To prevent accidents in the upgrade process, it is recommended to back up your data first.<\/li>
Upgrade the known affected applications and components in the supply chain: see the “Scope of supply chain impact” in “2. Scope of influence” above.<\/li><\/ol>\n\n\n\n
If users have been upgraded to Log4j 2.15.0-rc1 or Log4j 2.15.0-rc2, it will not be affected under the default configuration; Please confirm whether related businesses require Lookup function. If needed, please upgrade to Log4j 2.15.1-rc1.<\/p>\n\n\n\n
Mitigation by security products<\/strong><\/p>\n\n\n\n
For the vulnerability, NSFOCUS has released the rule upgrade packages of Network Intrusion Protection System (IPS), Web Application Firewall (WAF) and the Next-GenerationFirewall (NF). Please upgrade the rules to strengthen the protection capability of security products. The version numbers of safety protection product rules are as follows:<\/p>\n\n\n\n
Safety protection product<\/strong><\/td> Version Numbers of Rule<\/strong><\/td> Upgrade Package Download Link<\/strong><\/td> Rule Number<\/strong><\/td><\/tr>
IPS<\/td> 5.6.11.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122010<\/a><\/td> 25475<\/td><\/tr>
<\/td> 5.6.10.26706 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/12209<\/a> <\/td> <\/td><\/tr>
<\/td> 5.6.9.26706 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122008<\/a><\/td> <\/td><\/tr>
WAF<\/td> 6.0.7.3.50737<\/td> http:\/\/update.nsfocus.com\/update\/listWafV67Detail\/v\/rule6070<\/a><\/td> 27005085<\/td><\/tr>
<\/td> 6.0.7.0.49847<\/td> http:\/\/update.nsfocus.com\/update\/listWafV67Detail\/v\/all<\/a><\/td> <\/td><\/tr>
NF<\/td> 6.0.1.862<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121975<\/a><\/td> 25476<\/td><\/tr>
<\/td> 6.0.2.862 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121983 <\/a><\/td> <\/td><\/tr>
<\/td> 6.0.60.862 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121972 <\/a><\/td> <\/td><\/tr>
<\/td> 6.0.70.862 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121973 <\/a><\/td> <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Workaround<\/strong><\/p>\n\n\n\n
If users are unable to upgrade, the following measures can be taken for temporary protection:<\/p>\n\n\n\n
Add jvm parameter to start: -Dlog4j2.formatMsgNoLookups=true<\/strong><\/li><\/ol>\n\n\n\n
$\"Red$ <\/a><\/figure>\n\n\n\n
Add log4j2.component.properties configuration file under the classpath of the application. The file content is: log4j2 formatMsgNoLookups=true<\/strong><\/li><\/ol>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n
Set the system environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true<\/strong>.<\/li>
Remove the JndiLookup<\/strong> class file from the log4j-core package using the following command:<\/li><\/ol>\n\n\n\n
zip -q -d log4j-core-.jar org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class<\/p>\n\n\n\n
Note: when and only when Apache log4j >= version 2.10, any of the measures 1, 2 ,3 and 4 can be used for protection.<\/p>\n\n\n\n
Disable JNDI manually, for example, add â€œspring.jndi.ignore=trueâ€ in spring.properties.<\/li>
It is recommended to use JDK in 11.0.1, 8u191, 7u201, 6u211 or later versions, which can prevent RCE to a certain extent.<\/li>
Restrict the external access of affected applications to the Internet, and detect the access of dnslog related domain names at the boundary.<\/li><\/ol>\n\n\n\n
Some public dnslog platforms are as follows:<\/p>\n\n\n\n
ceye.io<\/li>
dnslog.link<\/li>
dnslog.cn<\/li>
dnslog.io<\/li>
tu4.org<\/li>
burpcollaborator.net<\/li>
s0x.cn<\/li><\/ul>\n\n\n\n
Mitigation by security platforms<\/strong><\/p>\n\n\n\n
NSFOCUS enterprise security platform (ESP-H) and NSFOCUS intelligent security operation platform (ISOP) have the ability to detect this vulnerability. Users who have deployed those platforms can monitor the vulnerability on the platform.<\/p>\n\n\n\n
Security Platform<\/strong><\/strong><\/td> Upgraded package \/ rule version number<\/strong><\/td><\/tr>
ESP-Hï¼ˆNSFOCUS Enterprise Security Platformï¼‰<\/td> Upgraded package with latest rules: attack_rule.1.0.0.1.1048648.dat<\/td><\/tr>
ISOPï¼ˆNSFOCUS Intelligent Security Operation Platformï¼‰<\/td> Upgrade the attack identification rule package to the latest version: attack_rule.1.0.0.1.1048648.dat<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
Statement<\/h2>\n\n\n\n
This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n
About NSFOCUS<\/h2>\n\n\n\n
NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The companyâ€™s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n\n\n\n
NSFOCUS works with Fortune Global 500 companies, including four of the worldâ€™s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA). A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"
Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by sending a specially constructed data request packet. The vulnerability PoC has been disclosed on the Internet and […]<\/p>\n","protected":false},"author":6,"featured_media":9701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[86,209],"class_list":["post-18752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-apachelog4j","tag-cve-2021-44228"],"acf":[],"yoast_head":"\nApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-15T08:49:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"author\" content=\"Jie Ji\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jie Ji\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"},\"author\":{\"name\":\"Jie Ji\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\"},\"headline\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert\",\"datePublished\":\"2021-12-15T08:49:33+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"},\"wordCount\":2101,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"keywords\":[\"ApacheLog4j\",\"CVE-2021-44228\"],\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\",\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"datePublished\":\"2021-12-15T08:49:33+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"width\":366,\"height\":206,\"caption\":\"Apache\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\",\"name\":\"Jie Ji\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"caption\":\"Jie Ji\"},\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/jji\\\/\"}]}<\/script>\n","yoast_head_json":{"title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","og_description":"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the","og_url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","og_site_name":"NSFOCUS","article_published_time":"2021-12-15T08:49:33+00:00","article_modified_time":"2026-04-17T18:07:45+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","type":"","width":"","height":""}],"author":"Jie Ji","twitter_card":"summary_large_image","twitter_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","twitter_description":"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","twitter_misc":{"Escrito por":"Jie Ji","Est. tempo de leitura":"10 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"},"author":{"name":"Jie Ji","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b"},"headline":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert","datePublished":"2021-12-15T08:49:33+00:00","dateModified":"2026-04-17T18:07:45+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"},"wordCount":2101,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","keywords":["ApacheLog4j","CVE-2021-44228"],"articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","datePublished":"2021-12-15T08:49:33+00:00","dateModified":"2026-04-17T18:07:45+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","width":366,"height":206,"caption":"Apache"},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b","name":"Jie Ji","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","caption":"Jie Ji"},"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/jji\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=18752"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18752\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/9701"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=18752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=18752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=18752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

Vulnerability details<\/strong><\/td>	Vulnerability <\/strong>PoC<\/strong><\/td>	Vulnerability <\/strong>EXP<\/strong><\/td>	Use out of office<\/strong><\/td><\/tr>
Published<\/strong><\/strong><\/td>	Published<\/strong><\/strong><\/td>	Published<\/strong><\/strong><\/td>	exist<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Reference link: https:\/\/issues.apache.org\/jira\/projects\/LOG4J2\/issues\/LOG4J2-3201?filter=allissues<\/a><\/p>\n\n\n\n Scope of impact<\/h2>\n\n\n\n Affected version<\/strong><\/p>\n\n\n\n 2.0-beta9 <= Apache Log4j <= 2.15.0-rc1ï¼ˆCVE-2021-44228ï¼‰<\/li> Apache Log4j =1.2ï¼ˆCVE-2021-4104ï¼‰<\/li><\/ul>\n\n\n\n Noteï¼š<\/strong><\/p>\n\n\n\n In Apache Log4j 1.2, there is a JMSAppender deserialization Code Execution Vulnerability (CVE-2021-4104) in a specific configuration. When attackers have permission to modify Log4j configuration, JMSAppender is vulnerable to deserialization of untrusted data. Attackers can execute JNDI requests using JMSAppender in the specific configuration, causing remote code execution. Reference link: https:\/\/www.mail-archive.com\/announce@apache.org\/msg06936.html<\/a><\/li><\/ol>\n\n\n\n Mitigation measures:<\/p>\n\n\n\n 1) Comment out or delete JMSAppender in the Log4j configuration.<\/p>\n\n\n\n 2) Use the following command to delete JMSAppender class file from the Log4j jar package:<\/p>\n\n\n\n zip -q -d log4j-.jar org\/apache\/log4j\/net\/JMSAppender.class<\/p>\n\n\n\n 3) Restrict system users’ access to the application platform to prevent attackers from modifying Log4j configuration. <\/p>\n\n\n\n In ApacheLog4j2.15.0-rc1 version, log4j2.formatMsgNoLookups is officially set to true as default. Under this default configuration, Log4j2.15.0-rc1 version is not affected by the vulnerability.<\/li><\/ol>\n\n\n\n Scope of supply chain impact<\/strong>ï¼š<\/strong><\/p>\n\n\n\n* According to unauthorized statistics, there are more than 170K open source components that directly and indirectly reference Log4j;<\/p>\n\n\n\n Reference of Layer 1-4 of Log4j: there are 6960 components that directly reference Log4j, more than 30K referencing the second layer, more than 90K referencing the third layer and more than 160K referencing the fourth layer. Over 173,200 open source components are affected by Log4j vulnerabilities totally.<\/p>\n\n\n\n Known affected applications and componentsï¼š<\/p>\n\n\n\n Most VMware products<\/li> Jedis<\/li> Logging<\/li> Logstash<\/li> HikariCP<\/li> Hadoop Hive<\/li> ElasticSearch<\/li> Apache Solr<\/li> Apache Struts2<\/li> Apache Flink<\/li> Apache Druid<\/li> Apache Log4j SLF4J Binding<\/li> spring-boot-strater-log4j2<\/li> Camel :: Core<\/li> JBoss Logging 3<\/li> JUnit Vintage Engine<\/li> WSO2 Carbon Kernel Core<\/li><\/ul>\n\n\n\n Refer to the following links for more componentsï¼š<\/p>\n\n\n\n https:\/\/mvnrepository.com\/artifact\/org.apache.logging.log4j\/log4j-core\/usages?p=1<\/a><\/p>\n\n\n\n Unaffected version<\/strong><\/p>\n\n\n\n Apache Log4j 2.15.0-rc2 (the same as the stable version 2.15.0)<\/li> Apache Log4j 2.15.1-rc1<\/li> Apache Log4j 2.16.0-rc1 (the same as the stable version 2.16.0)<\/li> Apache Log4j 2.12.2-rc1 (Java 7 supported)<\/li><\/ul>\n\n\n\n Vulnerability Detection<\/h2>\n\n\n\n Manual detection<\/strong><\/p>\n\n\n\n Users can judge by checking whether org\/apache\/logging\/log4j<\/strong> related path structure is contained after Java jar<\/strong> decompression. If there are relevant Java packages, the vulnerability is likely to exist.<\/p>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n If the program is packaged with Maven<\/strong>, you can check whether the pom.xml<\/strong> file of the project contains the following fields. If the version number is less than 2.15 0-rc2 (beta) or 2.15.0 (stable), the vulnerability exists.<\/p>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n If the program is packaged with gradle<\/strong>, you can check build.gradle<\/strong> Compile configuration file. If org.apache.logging.log4j<\/strong> related fields exists in the dependencies section, and the version number is less than 2.15 0-rc2 (beta) or 2.15.0 (stable), the vulnerability exists.<\/p>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n Attack troubleshooting<\/strong><\/p>\n\n\n\n Attackers usually scan and detect by dnslog<\/strong> before exploitation. Common exploit methods can be checked by using the keywords “javax.naming.CommunicationException<\/strong>“, “javax.naming.NamingException: problem generating object using object factory<\/strong>” and “Error looking up JNDI resource<\/strong>” in the application system error log.<\/p>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n There may be “${jndi:}<\/strong>” in the data packet sent by the attacker. It is recommended to use NSFOCUS ISOP or Web Application Firewall for retrieval and troubleshooting.<\/p>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n Product detection<\/strong><\/p>\n\n\n\n NSFOCUSâ€™s Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS), Industrial Control Systems Vulnerability Scanning System (ICSScan), Network Intrusion Detection System (IDS) and United Threat System (UTS) have the ability to scan and detect the vulnerability. Please upgrade to the latest version if you have deployed the above devices.<\/p>\n\n\n\n <\/td> Upgraded package version number<\/strong><\/td> Upgrade package download link<\/td><\/tr> RSAS V6 System plug-in package<\/strong><\/td> V6.0R02F01.2509 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121999 <\/td><\/tr> RSAS V6 Web plug-in package<\/strong><\/td> V6.0R02F00.2408<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122079<\/td><\/tr> WVSS V6 upgraded plug-in package<\/strong><\/td> V6.0R03F00.234<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122081<\/td><\/tr> ICSScan V6.0 system plug-in package<\/strong><\/td> V6.0R00F04.2405<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122116<\/td><\/tr> ICSScan V6.0 <\/strong> Web plug-in package<\/strong><\/td> V6.0R00F04.2306<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122127<\/td><\/tr> IDS<\/strong><\/td> 5.6.11.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122010<\/td><\/tr> <\/td> 5.6.10.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122009<\/td><\/tr> <\/td> 5.6.9.26706 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122008 <\/td><\/tr> UTS<\/strong><\/td> 5.6.10.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122103<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Apply for cloud detection<\/strong><\/p>\n\n\n\n NSFOCUS provides users with remote detection services. Due to certain risks in the detection of this vulnerability, if relevant users need to apply for cloud detection, please contact the sales or project manager, or send an email to support@nsfocusglobal.COM with personal company email address, provide the list of assets to be scanned, the scanning time slotand contactinformation in the text, and we will contact you.<\/p>\n\n\n\n 7x24h Customer service hotline: 400-818-6868 Ext 2<\/p>\n\n\n\n Vulnerability Protection<\/h2>\n\n\n\n Official upgrade<\/strong><\/p>\n\n\n\n At present, several fixed versions have been released for CVE-2021-44228. The update contents of different versions are slightly different. Affected users can choose corresponding upgraded versions according to needs. Download linkï¼šhttps:\/\/github.com\/apache\/logging-log4j2\/tags<\/a><\/p>\n\n\n\n Apache Log4j Version number<\/strong><\/td> Version update description<\/strong><\/td><\/tr> Apache Log4j 2.15.0-rc1<\/td> Fixed LDAP and added host whitelistï¼›can be bypassed when manually opening Lookup<\/td><\/tr> Apache Log4j 2.15.0-rc2<\/td> The handling of URI exceptions is enhanced to further fix the vulnerability.<\/td><\/tr> Apache Log4j 2.15.0 stable version<\/td> The handling of URI exceptions is enhanced to further fix the vulnerability.<\/td><\/tr> Apache Log4j 2.15.1-rc1<\/td> The default configuration disables JNDI and Lookup functions.<\/td><\/tr> Apache Log4j 2.16.0-rc1<\/td> The default configuration disables the JNDI function and completely removes the support for the vulnerable Message Lookups function.<\/td><\/tr> Apache Log4j 2.16.0 stable version<\/td> The default configuration disables the JNDI function and completely removes the support for the vulnerable Message Lookups function.<\/td><\/tr> Apache Log4j 2.12.2-rc1<\/td> The default configuration disables JNDI and Lookup functions, and this version supports Java 7.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Note:<\/p>\n\n\n\n In ApacheLog4j2.15.0-rc1 version, log4j2.formatMsgNoLookups is officially set to true as default. Without manually opening Lookup, Log4j2.15.0-rc1 version is not affected by the vulnerability.<\/li> It is recommended that affected users upgrade all Apache log4j related applications to ApacheLog4j2.15.0-rc2 (Beta) or Apache Log4j 2.15.0 (Stable) and above version. (the stable version is recommended)<\/li> Please confirm whether relevant businesses require the Lookup function. If required, please manually set log4j2.formatMsgNoLookups to false as default after upgrading to ApacheLog4j2.15.1-rc1.<\/li> To prevent accidents in the upgrade process, it is recommended to back up your data first.<\/li> Upgrade the known affected applications and components in the supply chain: see the “Scope of supply chain impact” in “2. Scope of influence” above.<\/li><\/ol>\n\n\n\n If users have been upgraded to Log4j 2.15.0-rc1 or Log4j 2.15.0-rc2, it will not be affected under the default configuration; Please confirm whether related businesses require Lookup function. If needed, please upgrade to Log4j 2.15.1-rc1.<\/p>\n\n\n\n Mitigation by security products<\/strong><\/p>\n\n\n\n For the vulnerability, NSFOCUS has released the rule upgrade packages of Network Intrusion Protection System (IPS), Web Application Firewall (WAF) and the Next-GenerationFirewall (NF). Please upgrade the rules to strengthen the protection capability of security products. The version numbers of safety protection product rules are as follows:<\/p>\n\n\n\n Safety protection product<\/strong><\/td> Version Numbers of Rule<\/strong><\/td> Upgrade Package Download Link<\/strong><\/td> Rule Number<\/strong><\/td><\/tr> IPS<\/td> 5.6.11.26706<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122010<\/a><\/td> 25475<\/td><\/tr> <\/td> 5.6.10.26706 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/12209<\/a> <\/td> <\/td><\/tr> <\/td> 5.6.9.26706 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/122008<\/a><\/td> <\/td><\/tr> WAF<\/td> 6.0.7.3.50737<\/td> http:\/\/update.nsfocus.com\/update\/listWafV67Detail\/v\/rule6070<\/a><\/td> 27005085<\/td><\/tr> <\/td> 6.0.7.0.49847<\/td> http:\/\/update.nsfocus.com\/update\/listWafV67Detail\/v\/all<\/a><\/td> <\/td><\/tr> NF<\/td> 6.0.1.862<\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121975<\/a><\/td> 25476<\/td><\/tr> <\/td> 6.0.2.862 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121983 <\/a><\/td> <\/td><\/tr> <\/td> 6.0.60.862 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121972 <\/a><\/td> <\/td><\/tr> <\/td> 6.0.70.862 <\/td> http:\/\/update.nsfocus.com\/update\/downloads\/id\/121973 <\/a><\/td> <\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Workaround<\/strong><\/p>\n\n\n\n If users are unable to upgrade, the following measures can be taken for temporary protection:<\/p>\n\n\n\n Add jvm parameter to start: -Dlog4j2.formatMsgNoLookups=true<\/strong><\/li><\/ol>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n Add log4j2.component.properties configuration file under the classpath of the application. The file content is: log4j2 formatMsgNoLookups=true<\/strong><\/li><\/ol>\n\n\n\n $\"Red$ <\/a><\/figure>\n\n\n\n Set the system environment variable LOG4J_FORMAT_MSG_NO_LOOKUPS=true<\/strong>.<\/li> Remove the JndiLookup<\/strong> class file from the log4j-core package using the following command:<\/li><\/ol>\n\n\n\n zip -q -d log4j-core-.jar org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class<\/p>\n\n\n\n Note: when and only when Apache log4j >= version 2.10, any of the measures 1, 2 ,3 and 4 can be used for protection.<\/p>\n\n\n\n Disable JNDI manually, for example, add â€œspring.jndi.ignore=trueâ€ in spring.properties.<\/li> It is recommended to use JDK in 11.0.1, 8u191, 7u201, 6u211 or later versions, which can prevent RCE to a certain extent.<\/li> Restrict the external access of affected applications to the Internet, and detect the access of dnslog related domain names at the boundary.<\/li><\/ol>\n\n\n\n Some public dnslog platforms are as follows:<\/p>\n\n\n\n ceye.io<\/li> dnslog.link<\/li> dnslog.cn<\/li> dnslog.io<\/li> tu4.org<\/li> burpcollaborator.net<\/li> s0x.cn<\/li><\/ul>\n\n\n\n Mitigation by security platforms<\/strong><\/p>\n\n\n\n* NSFOCUS enterprise security platform (ESP-H) and NSFOCUS intelligent security operation platform (ISOP) have the ability to detect this vulnerability. Users who have deployed those platforms can monitor the vulnerability on the platform.<\/p>\n\n\n\n Security Platform<\/strong><\/strong><\/td> Upgraded package \/ rule version number<\/strong><\/td><\/tr> ESP-Hï¼ˆNSFOCUS Enterprise Security Platformï¼‰<\/td> Upgraded package with latest rules: attack_rule.1.0.0.1.1048648.dat<\/td><\/tr> ISOPï¼ˆNSFOCUS Intelligent Security Operation Platformï¼‰<\/td> Upgrade the attack identification rule package to the latest version: attack_rule.1.0.0.1.1048648.dat<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Statement<\/h2>\n\n\n\n This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n About NSFOCUS<\/h2>\n\n\n\n NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The companyâ€™s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n\n\n\n NSFOCUS works with Fortune Global 500 companies, including four of the worldâ€™s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA). A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":" Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by sending a specially constructed data request packet. The vulnerability PoC has been disclosed on the Internet and […]<\/p>\n","protected":false},"author":6,"featured_media":9701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[86,209],"class_list":["post-18752","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-apachelog4j","tag-cve-2021-44228"],"acf":[],"yoast_head":"\nApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-15T08:49:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"author\" content=\"Jie Ji\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jie Ji\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"},\"author\":{\"name\":\"Jie Ji\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\"},\"headline\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert\",\"datePublished\":\"2021-12-15T08:49:33+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"},\"wordCount\":2101,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"keywords\":[\"ApacheLog4j\",\"CVE-2021-44228\"],\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\",\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"datePublished\":\"2021-12-15T08:49:33+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"width\":366,\"height\":206,\"caption\":\"Apache\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\",\"name\":\"Jie Ji\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"caption\":\"Jie Ji\"},\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/jji\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","og_description":"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the","og_url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","og_site_name":"NSFOCUS","article_published_time":"2021-12-15T08:49:33+00:00","article_modified_time":"2026-04-17T18:07:45+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","type":"","width":"","height":""}],"author":"Jie Ji","twitter_card":"summary_large_image","twitter_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","twitter_description":"Overview On December 9 2021, NSFOCUS CRET has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","twitter_misc":{"Escrito por":"Jie Ji","Est. tempo de leitura":"10 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"},"author":{"name":"Jie Ji","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b"},"headline":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert","datePublished":"2021-12-15T08:49:33+00:00","dateModified":"2026-04-17T18:07:45+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"},"wordCount":2101,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","keywords":["ApacheLog4j","CVE-2021-44228"],"articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/","name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert - NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","datePublished":"2021-12-15T08:49:33+00:00","dateModified":"2026-04-17T18:07:45+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","width":366,"height":206,"caption":"Apache"},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228) Threat Alert"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b","name":"Jie Ji","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","caption":"Jie Ji"},"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/jji\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18752","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=18752"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18752\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/9701"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=18752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=18752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=18752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}