Apache Log4j zero-day exploit (CVE-2021-44228) and (CVE 2021-45046)

Started by nick_sinigamy, Jun 24, 2022, 01:24 PM

Previous topic - Next topic

nick_sinigamyTopic starter

Cloudflare has released a blog post addressing a zero-day exploit that affects the widely used Apache Log4j utility (CVE-2021-44228). The vulnerability allows remote code execution (RCE) and has been actively exploited.

Cloudflare advises users to update to version 2.15.0, which can be found on the Log4j download page. To further prevent exploit attempts, the company has implemented three new WAF rules, set to BLOCK by default. Additional information regarding the vulnerability is available on the official Log4j security page.


If your organization is using the log4j library, be aware of the critical vulnerability CVE-2021-44228 affecting the Java logging package. Upgrade immediately to log4j-2.1.50.rc2 and ensure that your Java instance is up-to-date. Vendors that have bundled the log4j package with their software will need to push security updates downstream.

DirectAdmin does not use Log4j and has nothing to announce or fix for CVE-2021-44228. The cPanel Solr plugin is the only supported software by cPanel that contains log4j, and an update has been published with mitigation for the vulnerability. Plesk does not use Log4j, but third-party extensions may. Also, note that the vulnerability is in log4j and not the Apache web server.


The widely used Apache Foundation Log4j library is experiencing a critical remote code execution vulnerability (CVE-2021-44228), which has been targeted by attackers. If exploited, the vulnerability grants full control of the affected server. The issue can impact applications leveraging the Log4j library, including popular Java projects such as Apache Struts 2 and Apache Solr.

Cisco Talos predicts an increased risk of attacks and urges users to update vulnerable products and implement mitigation solutions immediately. The vulnerability exists in the JNDI component of the LDAP connector, allowing an attacker to execute local payloads from a remote server. CVE-2021-44228 also exposes vulnerable hosts to information leakage through the extraction of data from files and environment variables.

An additional vulnerability (CVE-2021-45046) was discovered in Log4j v2.15.0, which was fixed in version 2.16.0, alongside the default disabling of JNDI and removal of message search support. To mitigate the vulnerability, users are advised to upgrade to Log4j version 2.16.0 or disable JNDI.


The recommendation to update to version 2.15.0 is a proactive measure to mitigate the risks associated with the vulnerability. Additionally, the implementation of new WAF rules by Cloudflare is another step to help prevent exploit attempts. It's good to see companies taking these proactive measures to ensure the security of their users.

The Apache Log4j zero-day exploits, specifically CVE-2021-44228 and CVE-2021-45046, are critical vulnerabilities that affect the widely used Apache Log4j utility. These vulnerabilities allow for remote code execution (RCE), which means that attackers can execute arbitrary code on a targeted system. The impact of these exploits is severe, as they have the potential to compromise the security of affected systems and lead to unauthorized access or control.

CVE-2021-44228 is the more well-known vulnerability commonly referred to as Log4Shell. It exists due to improper deserialization of user-supplied data in Log4j. Attackers can exploit this vulnerability by sending specially crafted requests containing malicious code to the vulnerable Log4j servers, resulting in the execution of arbitrary commands.

CVE-2021-45046 is another vulnerability affecting Log4j, which is also related to deserialization. This vulnerability allows for remote code execution when an attacker sends a specially crafted XML payload to a Log4j server.

Both CVE-2021-44228 and CVE-2021-45046 have been actively exploited, making them highly concerning for organizations using Log4j in their infrastructure.

To mitigate the risk associated with these vulnerabilities, it is crucial for organizations to update their Log4j installations to version 2.15.0, as recommended by Cloudflare. Additionally, monitoring for any suspicious activity or attempts to exploit these vulnerabilities is essential. Stay updated with official sources like the Apache Log4j security page for any further information or patches related to these exploits.