Google Cloud IDS signature updates help detect CVE-2021-44228 & CVE-2021-45046 Apache Log4j vulnerability
Editor's note : As of 12/16/2021 at 3:45pm PST, this post was updated to include information about detections for CVE-2021-45046. NIST has announced a recent vulnerability ( CVE-2021-44228 ) in the Apache Log4j library. To help with detection, Google Cloud IDS customers can now monitor and detect attempted exploits of CVE-2021-44228. Background The Apache Log4j utility is a commonly used component for logging requests. On December 9, 2021, a vulnerability was reported that could allow a system running Apache Log4j version 2.14.1 or below to be compromised and allow an attacker to execute arbitrary code. On December 10, 2021, NIST [...]