{"id":18784,"date":"2021-12-20T08:27:00","date_gmt":"2021-12-20T08:27:00","guid":{"rendered":"https:\/\/nsfocusglobal.com\/?p=18784"},"modified":"2026-04-17T18:07:45","modified_gmt":"2026-04-17T18:07:45","slug":"apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2","status":"publish","type":"post","link":"https:\/\/nsfocusglobal.com\/pt-br\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/","title":{"rendered":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021"},"content":{"rendered":"<!DOCTYPE html PUBLIC \"-\/\/W3C\/\/DTD HTML 4.0 Transitional\/\/EN\" \"http:\/\/www.w3.org\/TR\/REC-html40\/loose.dtd\">\n<html><body><h2 class=\"wp-block-heading\">Overview<\/h2>\n\n\n\n<p>This update adds vulnerability information, scope of influence, product rules, official versions and workarounds for CVE-2021-45046 and CVE-2021-45105.<\/p>\n\n\n\n<p>On December 9, 2021, NSFOCUS CERT detected the disclosure of the Apache Log4j Remote Code Execution Vulnerability (CVE-2021-44228). Due to the recursive parsing of some functions in Apache Log4j2, unauthenticated attackers can execute arbitrary code on target servers by sending a specially constructed data request packet. The vulnerability PoC has been disclosed on the Internet, and the vulnerability can be exploited in the default configuration. As the vulnerability has a wide impact, NSFOCUS strongly recommends that users take measures to check for and mitigate it as soon as possible.<\/p>\n\n\n\n<p>On December 10, NSFOCUS CERT found that in Apache Log4j 2.15.0-rc1, only LDAP was patched and a host whitelist was added, which can be bypassed in non-default configurations. 
Thus, Apache Log4j 2.15.0-rc2 (the same as the stable version 2.15.0) was officially released to handle URI exceptions.<\/p>\n\n\n\n<p>On December 12, Apache Log4j 2.15.1-rc1 was officially released, which directly disabled the JNDI function. If the lookup function is required, it is recommended to upgrade to this version and manually set log4j2.formatMsgNoLookups to false as default.<\/p>\n\n\n\n<p>On December 13, Apache Log4j 2.16.0-rc1 (the same as the stable version 2.16.0) was officially released, which completely removes the vulnerable Message Lookups function on the basis of Apache Log4j 2.15.1-rc1.<\/p>\n\n\n\n<p>On December 14, the Apache Log4j Deserialization Code Execution Vulnerability (CVE-2021-4104) was officially disclosed. When Apache Log4j 1.2.x is in a specific configuration, JMSAppender is vulnerable to deserialization of untrusted data. When attackers have permission to modify the Log4j configuration, they can use a specific configuration to make JMSAppender execute JNDI requests, resulting in remote code execution.<\/p>\n\n\n\n<p>On December 14, Apache Log4j 2.12.2-rc1 was released. JNDI and Lookup functions are disabled by default, and Java 7 is supported.<\/p>\n\n\n\n<p>On December 15, the official announcement disclosed the DoS vulnerability (CVE-2021-45046) of Apache Log4j. When Log4j is configured to use a non-default Pattern Layout with a context lookup (such as $${ctx:loginId}) or a Thread Context Map pattern (%X, %mdc or %MDC), attackers can craft malicious input data using a JNDI lookup pattern, resulting in a denial of service (DoS). Because the fix for CVE-2021-44228 in Apache&nbsp;Log4j&nbsp;2.15.0 is incomplete, that version is affected by this vulnerability in specific configurations.<\/p>\n\n\n\n<p>On December 17, the DoS vulnerability of Apache Log4j was updated to Code Execution Vulnerability (CVE-2021-45046). The fix to CVE-2021-44228 in Apache Log4j 2.15.0 is incomplete in some non-default configurations. 
When the log configuration uses a non-default Pattern Layout with a context lookup (such as $${ctx:loginId}), attackers who control Thread Context Map (MDC) input data can craft malicious input using a JNDI lookup pattern, leading to information disclosure, RCE (remote code execution) and LCE (local code execution) attacks, and the CVSS score increased from 3.7 to 9.0.<\/p>\n\n\n\n<p>On December 18, Apache Log4j 2.17.0 was officially released and the DoS vulnerability (CVE-2021-45105) in Apache Log4j was disclosed. As Log4j does not prevent uncontrolled recursion in self-referential lookups, when the log configuration uses a non-default Pattern Layout with a context lookup (such as $${ctx:loginId}), attackers who control Thread Context Map (MDC) input data can craft malicious input containing a recursive lookup, causing a DoS attack in which a StackOverflowError kills the process.<\/p>\n\n\n\n<p>Apache Log4j2 is an open source Java logging framework that is widely used in middleware, development frameworks and web applications to record log information.<\/p>\n\n\n\n<p>Screenshot of reproduction of CVE-2021-44228:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1.png\"><img fetchpriority=\"high\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1-1024x427.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18753\" width=\"768\" height=\"320\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1-1024x427.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1-300x125.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1-768x321.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1-200x83.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach1.png 1531w\" sizes=\"(max-width: 768px) 100vw, 
768px\" \/><\/a><\/figure>\n\n\n\n<p>Screenshot of reproduction of the Log4j&nbsp;2.15.0-rc1 bypass of CVE-2021-44228:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2.png\"><img decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2-1024x618.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18755\" width=\"768\" height=\"464\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2-1024x618.png 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2-300x181.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2-768x464.png 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2-1536x927.png 1536w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2-200x121.png 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach2.png 1539w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/a><\/figure>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Vulnerability details<\/strong><\/td><td><strong>Vulnerability PoC<\/strong><\/td><td><strong>Vulnerability EXP<\/strong><\/td><td><strong>Use out of office<\/strong><\/td><\/tr><tr><td><strong>Published<\/strong><\/td><td><strong>Published<\/strong><\/td><td><strong>Published<\/strong><\/td><td><strong>exist<\/strong><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Reference links:<\/p>\n\n\n\n<p><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/security.html\">https:\/\/logging.apache.org\/log4j\/2.x\/security.html<\/a><\/p>\n\n\n\n<p><a href=\"https:\/\/www.mail-archive.com\/announce@apache.org\/msg06936.html\">https:\/\/www.mail-archive.com\/announce@apache.org\/msg06936.html<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Scope of 
impact<\/h2>\n\n\n\n<p><strong>Affected version<\/strong><\/p>\n\n\n\n<p><strong>CVE-2021-44228:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>2.0-beta9 &lt;= Apache Log4j &lt;= 2.12.1<\/li><li>2.13.0 &lt;= Apache Log4j &lt;= 2.15.0-rc1<\/li><\/ul>\n\n\n\n<p><strong>CVE-2021-45046:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>2.0-beta9 &lt;= Apache Log4j &lt;= 2.12.1<\/li><li>2.13.0 &lt;= Apache Log4j &lt;= 2.15.0-rc2 (2.15.0 stable version)<\/li><\/ul>\n\n\n\n<p>Note: only log4j-core jar files are affected.<\/p>\n\n\n\n<p><strong>CVE-2021-4104:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Apache&nbsp;Log4j&nbsp;= 1.2.x<\/li><\/ul>\n\n\n\n<p><strong>CVE-2021-45105:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>2.0-alpha1 &lt;= Apache Log4j &lt;= 2.16.0<\/li><\/ul>\n\n\n\n<p>Note: only log4j-core jar files are affected.<\/p>\n\n\n\n<p><strong>Scope of supply chain impact:<\/strong><\/p>\n\n\n\n<p>According to incomplete statistics, there are more than 170K open source components that directly and indirectly reference Log4j.<\/p>\n\n\n\n<p>Log4j references at layers 1-4: there are 6991 components that directly reference Log4j, more than 30K referencing the second layer, more than 90K referencing the third layer and more than 160K referencing the fourth layer. 
In total, over 173,200 open source components are affected by the Log4j vulnerabilities.<\/p>\n\n\n\n<p><strong>Known affected applications and components:<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Most VMware products<\/li><li>Jedis<\/li><li>Logging<\/li><li>Logstash<\/li><li>HikariCP<\/li><li>Hadoop Hive<\/li><li>ElasticSearch<\/li><li>Apache Solr<\/li><li>Apache Struts2<\/li><li>Apache Flink<\/li><li>Apache Druid<\/li><li>Apache Log4j SLF4J Binding<\/li><li>spring-boot-starter-log4j2<\/li><li>Camel :: Core<\/li><li>JBoss&nbsp;Logging 3<\/li><li>JUnit Vintage Engine<\/li><li>WSO2 Carbon Kernel&nbsp;Core<\/li><\/ul>\n\n\n\n<p>Refer to the following link for more components:<\/p>\n\n\n\n<p><a href=\"https:\/\/mvnrepository.com\/artifact\/org.apache.logging.log4j\/log4j-core\/usages?p=1\">https:\/\/mvnrepository.com\/artifact\/org.apache.logging.log4j\/log4j-core\/usages?p=1<\/a><\/p>\n\n\n\n<p><strong>Unaffected version<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Apache Log4j 2.17.0-rc1 (the same as the stable version 2.17.0)<\/li><li>Apache Log4j 2.12.3-rc1 (the same as the stable version 2.12.3)<\/li><\/ul>\n\n\n\n<p>Note: 2.12.3 version has not been released, please stay tuned.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Vulnerability Detection<\/h2>\n\n\n\n<p><strong>Manual detection<\/strong><\/p>\n\n\n\n<p>Users can check whether the <strong>org\/apache\/logging\/log4j<\/strong> path structure is present after decompressing the <strong>Java jar<\/strong>. 
If there are relevant Java packages, the vulnerability is likely to exist.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach3-1.png\"><img decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach3-1.png\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18759\" width=\"500\" height=\"310\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach3-1.png 666w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach3-1-300x186.png 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach3-1-200x124.png 200w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/a><\/figure>\n\n\n\n<p>If the program is packaged with <strong>Maven<\/strong>, you can check whether the <strong>pom.xml<\/strong> file of the project contains the following fields. If the version number is less than 2.15.0-rc2 (beta) or 2.15.0 (stable), the vulnerability exists.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach4.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach4.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18761\" width=\"425\" height=\"342\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach4.jpg 566w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach4-300x242.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach4-200x161.jpg 200w\" sizes=\"(max-width: 425px) 100vw, 425px\" \/><\/a><\/figure>\n\n\n\n<p>If the program is packaged with <strong>Gradle<\/strong>, you can check the <strong>build.gradle<\/strong> build configuration file. 
If <strong>org.apache.logging.log4j<\/strong> related fields exists in the dependencies section, and the version number is less than 2.15.1, the application will be affected.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach5.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"554\" height=\"79\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach5.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18763\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach5.jpg 554w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach5-300x43.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach5-200x29.jpg 200w\" sizes=\"(max-width: 554px) 100vw, 554px\" \/><\/a><\/figure>\n\n\n\n<p><strong>Attack troubleshooting<\/strong><\/p>\n\n\n\n<p>Attackers usually scan and detect by <strong>dnslog<\/strong> before exploitation. 
Common exploit methods can be checked by using the keywords &#8220;<strong>javax.naming.CommunicationException<\/strong>&#8220;, &#8220;<strong>javax.naming.NamingException: problem generating object using object factory<\/strong>&#8221; and &#8220;<strong>Error looking up JNDI resource<\/strong>&#8221; in the application system error log.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6-1024x364.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18765\" width=\"768\" height=\"273\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6-1024x364.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6-300x107.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6-768x273.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6-200x71.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach6.jpg 1083w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/a><\/figure>\n\n\n\n<p>There may be &#8220;<strong>${jndi:}<\/strong>&#8221; in the data packet sent by the attacker. 
It is recommended to use NSFOCUS ISOP or Web Application Firewall&nbsp;for retrieval and troubleshooting.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach7.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"542\" height=\"217\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach7.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18771\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach7.jpg 542w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach7-300x120.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach7-200x80.jpg 200w\" sizes=\"(max-width: 542px) 100vw, 542px\" \/><\/a><\/figure>\n\n\n\n<p><strong>Product detection<\/strong><\/p>\n\n\n\n<p>NSFOCUS&#8217;s Remote Security Assessment System (RSAS), Web Vulnerability Scanning System (WVSS), Industrial Control Systems Vulnerability Scanning System (ICSScan), Network Intrusion Detection System (IDS) and United Threat System (UTS) have the ability to scan and detect the vulnerability. 
Please upgrade to the latest version if you have deployed the above devices.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td>&nbsp;<\/td><td>Upgraded package version number<strong><\/strong><\/td><td>Upgrade package download link<\/td><\/tr><tr><td><strong>RSAS V6 System plug-in package<\/strong><\/td><td>V6.0R02F01.2511<br>Information Technology Application Innovation<br>V6.0R02F01.1704<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122278<br>Information Technology Application Innovation:<br>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122003 <\/td><\/tr><tr><td><strong>RSAS&nbsp;V6&nbsp;Web plug-in package<\/strong><\/td><td>V6.0R02F00.2409<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122201<\/td><\/tr><tr><td><strong>WVSS V6 upgraded plug-in package<\/strong><\/td><td>V6.0R03F00.235<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122203<\/td><\/tr><tr><td><strong>ICSScan&nbsp;V6.0 system plug-in package<\/strong><\/td><td>V6.0R00F04.2405<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122116<\/td><\/tr><tr><td><strong>ICSScan&nbsp;V6.0&nbsp;<\/strong> <strong>Web plug-in package<\/strong><\/td><td>V6.0R00F04.2306<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122127<\/td><\/tr><tr><td><strong>IDS<\/strong><\/td><td>5.6.11.26749<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122198<\/td><\/tr><tr><td><\/td><td>5.6.10.26749<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122197<\/td><\/tr><tr><td><\/td><td>5.6.9.26749 <\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122196<\/td><\/tr><tr><td><strong>UTS<\/strong><\/td><td>5.6.10.26749<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122245<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Apply for cloud detection<\/strong><\/p>\n\n\n\n<p>NSFOCUS provides users with remote detection services. 
Because detecting this vulnerability carries certain risks, users who need cloud detection should contact their sales or project manager, or send an email to support@nsfocusglobal.com from their company email address, providing the list of assets to be scanned, the scanning time slot and contact information in the message body, and we will contact you.<\/p>\n\n\n\n<p>7x24h Customer service hotline: 400-818-6868 Ext 2<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Vulnerability Protection<\/h2>\n\n\n\n<p><strong>Official upgrade<\/strong><\/p>\n\n\n\n<p>At present, several fixed versions have been released for CVE-2021-44228. The update contents of different versions are slightly different. Affected users can choose the corresponding upgraded version according to their needs. Download link: <a href=\"https:\/\/github.com\/apache\/logging-log4j2\/tags\">https:\/\/github.com\/apache\/logging-log4j2\/tags<\/a><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Apache&nbsp;Log4j Version number<\/strong><\/td><td><strong>Version update description<\/strong><\/td><\/tr><tr><td>Apache&nbsp;Log4j&nbsp;2.15.0-rc1<\/td><td>Fixed LDAP and added host whitelist; can be bypassed when Lookup is manually enabled, and will be affected by CVE-2021-45046 and CVE-2021-45105.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.15.0-rc2<\/td><td>The handling of URI exceptions is enhanced to further fix the vulnerability. It will be affected by CVE-2021-45046 and CVE-2021-45105.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.15.0 stable version<\/td><td>The handling of URI exceptions is enhanced to further fix the vulnerability. It will be affected by CVE-2021-45046 and CVE-2021-45105. 
<\/td><\/tr><tr><td>Apache Log4j 2.15.1-rc1<\/td><td>The default configuration disables JNDI and Lookup functions.<\/td><\/tr><tr><td>Apache Log4j 2.16.0-rc1<\/td><td>The default configuration disables the JNDI function and Message Lookups function is completely removed.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.16.0 stable version<\/td><td>The default configuration disables the JNDI function and Message Lookups function is completely removed.<\/td><\/tr><tr><td>Apache Log4j 2.17.0-rc1<\/td><td>Limit the string search and parsing in log configuration on the basis of 2.16.0.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.17.2-rc1 stable version<\/td><td>Limit the string search and parsing in log configuration on the basis of 2.16.0.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.12.2-rc1<\/td><td>The default configuration disables the JNDI function and Message Lookups function is completely removed. This version supports Java 7.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.12.2 stable version<\/td><td>The default configuration disables the JNDI function and Message Lookups function is completely removed. This version supports Java 7.<\/td><\/tr><tr><td>Apache&nbsp;Log4j 2.12.3 stable version<\/td><td>Limit the string search and parsing in log configuration on the basis of 2.12.2.<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p>Note:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>In Apache Log4j 2.15.0-rc1, log4j2.formatMsgNoLookups is officially set to true as default. Unless Lookup is manually enabled, Log4j 2.15.0-rc1 is not affected by the CVE-2021-44228 vulnerability.<\/li><li>It is recommended that affected users upgrade all Apache Log4j related applications to Apache Log4j 2.17.0-rc1 (beta) or Apache&nbsp;Log4j&nbsp;2.17.0 (stable).<\/li><li>It is recommended to upgrade to the stable version. 
Users of Java 7 can upgrade to Apache&nbsp;Log4j 2.12.3 for the fix.<\/li><li>To prevent accidents in the upgrade process, it is recommended to back up your data first.<\/li><li>Upgrade the known affected applications and components in the supply chain: see the &#8220;Scope of supply chain impact&#8221; in &#8220;2. Scope of influence&#8221; above.<\/li><\/ol>\n\n\n\n<p>Users who have upgraded to Log4j 2.15.0-rc1 or Log4j 2.15.0-rc2 will not be affected under the default configuration. Please confirm whether related businesses require the Lookup function. If needed, please upgrade to Log4j 2.15.1-rc1.<\/p>\n\n\n\n<p><strong>Mitigation by security products<\/strong><\/p>\n\n\n\n<p>For the vulnerability, NSFOCUS has released the rule upgrade packages of Network Intrusion Protection System (IPS), Web Application Firewall (WAF) and the Next-Generation Firewall (NF). Please upgrade the rules to strengthen the protection capability of security products. The version numbers of safety protection product rules are as follows:<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Safety protection product<\/strong><\/td><td><strong>Version Numbers of Rule<\/strong><\/td><td><strong>Upgrade Package Download Link<\/strong><\/td><td><strong>Rule Number<\/strong><\/td><\/tr><tr><td>IPS<\/td><td>5.6.11.26749<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122198<\/td><td>25475<\/td><\/tr><tr><td><\/td><td>5.6.10.26749 <\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122197<\/td><td><\/td><\/tr><tr><td><\/td><td>5.6.9.26749 
<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122196<\/td><td><\/td><\/tr><tr><td>WAF<\/td><td>6.0.7.3.52185<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122193<\/td><td>27005085<\/td><\/tr><tr><td><\/td><td>6.0.7.0.52185<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122194<\/td><td><\/td><\/tr><tr><td>NF<\/td><td>6.0.1.863<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122048<\/td><td>25476<\/td><\/tr><tr><td><\/td><td>6.0.2.863<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122049<\/td><td><\/td><\/tr><tr><td><\/td><td>6.0.60.863<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122045<\/td><td><\/td><\/tr><tr><td><\/td><td>6.0.70.863<\/td><td>http:\/\/update.nsfocus.com\/update\/downloads\/id\/122047<\/td><td><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<p><strong>Workaround<\/strong><\/p>\n\n\n\n<p>If users are unable to upgrade, the following measures can be taken for temporary protection:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Add jvm parameter to start: <strong>-Dlog4j2.formatMsgNoLookups=true<\/strong><\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-full\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach8.jpg\"><img loading=\"lazy\" decoding=\"async\" width=\"948\" height=\"45\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach8.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18773\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach8.jpg 948w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach8-300x14.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach8-768x36.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach8-200x9.jpg 200w\" sizes=\"(max-width: 948px) 100vw, 948px\" \/><\/a><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"2\"><li>Add log4j2.component.properties 
configuration file under the classpath of the application. The file content is: <strong>log4j2.formatMsgNoLookups=true<\/strong><\/li><\/ol>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><a href=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9.jpg\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9-1024x353.jpg\" alt=\"Red circular no entry sign with a white horizontal bar.\" class=\"wp-image-18775\" width=\"768\" height=\"265\" srcset=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9-1024x353.jpg 1024w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9-300x104.jpg 300w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9-768x265.jpg 768w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9-200x69.jpg 200w, https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2021\/12\/apach9.jpg 1362w\" sizes=\"(max-width: 768px) 100vw, 768px\" \/><\/a><\/figure>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\" start=\"3\"><li>Set the system environment variable <strong>LOG4J_FORMAT_MSG_NO_LOOKUPS=true<\/strong>.<\/li><li>Remove the <strong>JndiLookup<\/strong> class file from the log4j-core package using the following command:<\/li><\/ol>\n\n\n\n<p class=\"has-cyan-bluish-gray-background-color has-background\">zip&nbsp;-q&nbsp;-d&nbsp;log4j-core-*.jar&nbsp;org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class<\/p>\n\n\n\n<p>Note: if and only if the Apache Log4j version is &gt;= 2.10, any of measures 1, 2, 3 and 4 can be used for protection.<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Disable JNDI manually, for example, add &#8220;spring.jndi.ignore=true&#8221; in spring.properties.<\/li><li>It is recommended to use JDK 11.0.1, 8u191, 7u201, 6u211 or later versions, which can prevent RCE to a certain extent.<\/li><li>Restrict the external access of affected applications to the 
Internet, and detect the access of dnslog related domain names at the boundary.<\/li><\/ol>\n\n\n\n<p>Some public dnslog platforms are as follows:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>ceye.io<\/li><li>dnslog.link<\/li><li>dnslog.cn<\/li><li>dnslog.io<\/li><li>tu4.org<\/li><li>burpcollaborator.net<\/li><li>s0x.cn<\/li><\/ul>\n\n\n\n<p>Apache&nbsp;Log4j&nbsp;JMSAppender Deserialization Code Execution Vulnerability (CVE-2021-4104) temporary protection:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>Comment out or delete JMSAppender in the Log4j&nbsp;configuration.<\/li><li>Use the following command to delete the JMSAppender class file from the log4j jar package:<\/li><\/ol>\n\n\n\n<p class=\"has-cyan-bluish-gray-background-color has-background\">zip -q -d log4j-*.jar org\/apache\/log4j\/net\/JMSAppender.class<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\" start=\"3\"><li>Restrict system users&#8217; access to the application platform to prevent attackers from modifying the configuration of Log4j.<\/li><\/ol>\n\n\n\n<p>Apache&nbsp;Log4j Remote Code Execution Vulnerability (CVE-2021-45046) temporary protection:<\/p>\n\n\n\n<p>Use the following command to delete the JndiLookup class file from the log4j-core package:<\/p>\n\n\n\n<p class=\"has-cyan-bluish-gray-background-color has-background\">zip -q -d log4j-core-*.jar org\/apache\/logging\/log4j\/core\/lookup\/JndiLookup.class<\/p>\n\n\n\n<p>Apache Log4j DoS Vulnerability (CVE-2021-45105) temporary protection:<\/p>\n\n\n\n<ol class=\"wp-block-list\" type=\"1\"><li>In PatternLayout of the log configuration, replace context lookups such as ${ctx:loginId} or $${ctx:loginId} with a Thread Context Map pattern (%X, %mdc or %MDC).<\/li><li>Delete references to context lookups in the configuration, such as ${ctx:loginId} or $${ctx:loginId}.<\/li><\/ol>\n\n\n\n<p><strong>Mitigation by security platforms<\/strong><\/p>\n\n\n\n<p>NSFOCUS enterprise security platform (ESP-H) and NSFOCUS intelligent 
security operation platform (ISOP) have the ability to detect this vulnerability. Users who have deployed those platforms can monitor the vulnerability on the platform.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><tbody><tr><td><strong>Security Platform<\/strong><\/td><td><strong>Upgraded package \/ rule version number<\/strong><\/td><\/tr><tr><td>ESP-H (NSFOCUS Enterprise Security Platform)<\/td><td>Upgraded package with latest rules: attack_rule.1.0.0.1.1048648.dat<\/td><\/tr><tr><td>ISOP (NSFOCUS Intelligent Security Operation Platform)<\/td><td>Upgrade the attack identification rule package to the latest version: attack_rule.1.0.0.1.1048648.dat<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">Statement<\/h2>\n\n\n\n<p>This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and\/or indirect consequences and losses caused by transmitting and\/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add\/delete any information to\/from it, or use this advisory for commercial purposes without permission from NSFOCUS.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">About NSFOCUS<\/h2>\n\n\n\n<p>NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. 
The company&#8217;s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.<\/p>\n\n\n\n<p>NSFOCUS works with Fortune Global 500 companies, including four of the world&#8217;s five largest financial institutions, organizations in insurance, retail, healthcare, critical infrastructure industries as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries, is a member of both the Microsoft Active Protections Program (MAPP), and the Cloud Security Alliance (CSA). A wholly owned subsidiary of NSFOCUS Technologies Group Co., Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.<\/p>\n<\/body><\/html>\n","protected":false},"excerpt":{"rendered":"<p>Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and workaround. On December 9 2021, NSFOCUS CERT has detected the disclosure of Apachelog4j Remote Code Execution Vulnerability (CVE-2021-44228). 
Due to the recursive parsing of some functions of apachelog4j2, unauthenticated attackers can execute arbitrary code on target servers by [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":9701,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_coblocks_attr":"","_coblocks_dimensions":"","_coblocks_responsive_height":"","_coblocks_accordion_ie_support":"","footnotes":""},"categories":[3,6],"tags":[86,209],"class_list":["post-18784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-emergency-response","tag-apachelog4j","tag-cve-2021-44228"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - NSFOCUS<\/title>\n<meta name=\"robots\" content=\"noindex, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"pt_BR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - NSFOCUS\" \/>\n<meta property=\"og:description\" content=\"Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/\" \/>\n<meta property=\"og:site_name\" content=\"NSFOCUS\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-20T08:27:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-17T18:07:45+00:00\" \/>\n<meta 
property=\"og:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"author\" content=\"Jie Ji\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - NSFOCUS\" \/>\n<meta name=\"twitter:description\" content=\"Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Escrito por\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jie Ji\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. tempo de leitura\" \/>\n\t<meta name=\"twitter:data2\" content=\"12 minutos\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/\"},\"author\":{\"name\":\"Jie Ji\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\"},\"headline\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 
2021\",\"datePublished\":\"2021-12-20T08:27:00+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/\"},\"wordCount\":2641,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"keywords\":[\"ApacheLog4j\",\"CVE-2021-44228\"],\"articleSection\":[\"Blog\",\"Emergency Response\"],\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/\",\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - 
NSFOCUS\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"datePublished\":\"2021-12-20T08:27:00+00:00\",\"dateModified\":\"2026-04-17T18:07:45+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#breadcrumb\"},\"inLanguage\":\"pt-BR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#primaryimage\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2019\\\/11\\\/Apache.jpg\",\"width\":366,\"height\":206,\"caption\":\"Apache\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/nsfocusglobal.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 
2021\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#website\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"name\":\"NSFOCUS\",\"description\":\"Security Made Smart and Simple\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pt-BR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#organization\",\"name\":\"NSFOCUS\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"contentUrl\":\"https:\\\/\\\/nsfocusglobal.com\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/logo-ns.png\",\"width\":248,\"height\":36,\"caption\":\"NSFOCUS\"},\"image\":{\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/#\\\/schema\\\/person\\\/1077d8fcd7e52c96f17a33b63a0d157b\",\"name\":\"Jie Ji\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pt-BR\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g\",\"caption\":\"Jie 
Ji\"},\"url\":\"https:\\\/\\\/nsfocusglobal.com\\\/pt-br\\\/author\\\/jji\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - NSFOCUS","robots":{"index":"noindex","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"pt_BR","og_type":"article","og_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - NSFOCUS","og_description":"Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and","og_url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/","og_site_name":"NSFOCUS","article_published_time":"2021-12-20T08:27:00+00:00","article_modified_time":"2026-04-17T18:07:45+00:00","og_image":[{"url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","type":"","width":"","height":""}],"author":"Jie Ji","twitter_card":"summary_large_image","twitter_title":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - NSFOCUS","twitter_description":"Overview The update involves (CVE-2021-45046) and (CVE-2021-45105) vulnerability information, scope of influence, product rules, official version and","twitter_image":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","twitter_misc":{"Escrito por":"Jie Ji","Est. 
tempo de leitura":"12 minutos"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#article","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/"},"author":{"name":"Jie Ji","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b"},"headline":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021","datePublished":"2021-12-20T08:27:00+00:00","dateModified":"2026-04-17T18:07:45+00:00","mainEntityOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/"},"wordCount":2641,"commentCount":0,"publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","keywords":["ApacheLog4j","CVE-2021-44228"],"articleSection":["Blog","Emergency Response"],"inLanguage":"pt-BR","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/","url":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/","name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021 - 
NSFOCUS","isPartOf":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website"},"primaryImageOfPage":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#primaryimage"},"image":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#primaryimage"},"thumbnailUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","datePublished":"2021-12-20T08:27:00+00:00","dateModified":"2026-04-17T18:07:45+00:00","breadcrumb":{"@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#breadcrumb"},"inLanguage":"pt-BR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/"]}]},{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#primaryimage","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2019\/11\/Apache.jpg","width":366,"height":206,"caption":"Apache"},{"@type":"BreadcrumbList","@id":"https:\/\/nsfocusglobal.com\/apachelog4j-remote-code-execution-vulnerability-cve-2021-44228-threat-alert-2\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/nsfocusglobal.com\/"},{"@type":"ListItem","position":2,"name":"ApacheLog4j Remote Code Execution Vulnerability (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105) Threat Alert updated on Dec 20 2021"}]},{"@type":"WebSite","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#website","url":"https:\/\/nsfocusglobal.com\/pt-br\/","name":"NSFOCUS","description":"Security Made Smart and 
Simple","publisher":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/nsfocusglobal.com\/pt-br\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"pt-BR"},{"@type":"Organization","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#organization","name":"NSFOCUS","url":"https:\/\/nsfocusglobal.com\/pt-br\/","logo":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/","url":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","contentUrl":"https:\/\/nsfocusglobal.com\/wp-content\/uploads\/2024\/08\/logo-ns.png","width":248,"height":36,"caption":"NSFOCUS"},"image":{"@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/nsfocusglobal.com\/pt-br\/#\/schema\/person\/1077d8fcd7e52c96f17a33b63a0d157b","name":"Jie Ji","image":{"@type":"ImageObject","inLanguage":"pt-BR","@id":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/61cb438513c138ce3f1f49e3485f113a0215220de5e284a2bd4e85358f6c8d02?s=96&d=mm&r=g","caption":"Jie 
Ji"},"url":"https:\/\/nsfocusglobal.com\/pt-br\/author\/jji\/"}]}},"_links":{"self":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/comments?post=18784"}],"version-history":[{"count":0,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/posts\/18784\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media\/9701"}],"wp:attachment":[{"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/media?parent=18784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/categories?post=18784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsfocusglobal.com\/pt-br\/wp-json\/wp\/v2\/tags?post=18784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}