Dark background with blue code overlay
Blog

CVE-2021-44228 - Patching is Recommended for Evolving Zero Day Vulnerability in Apache Log4j That Allows Remote Code Execution (RCE)

Akamai blue wave

Written by

Akamai

December 11, 2021

saturday.png

Akamai has been monitoring the rapidly evolving developments of CVE-2021-44228.  We have been working closely with our customers and internal application teams to mitigate the risks posed by the threat of unauthorized remote code execution.  This includes deploying an update to our existing Apache WAF rules to include mitigation for this Zero Day CVE, and updating the Log4j library to version 2.15.0 or later.

Given the severity of this vulnerability, and how quickly the situation has been evolving, it is imperative that administrators and developers pursue patching as their primary mitigation strategy. While we continue to update WAF rules to protect against bypass tactics that are discovered, we strongly recommend that anyone running Log4j versions  2.0 - 2.14.1 immediately update to version 2.15.0 or later as soon as possible. The latest version can be found on the Log4j download page.



Akamai blue wave

Written by

Akamai

December 11, 2021