Log4Shell Vulnerability Protection
As of 10 December, three critical vulnerabilities were reported in Apache’s Log4Shell component.
Log4J is a library made in Java that is used to write log files. It is estimated that more than 35,000 applications use Log4J and are therefore vulnerable.
To date, three vulnerabilities of this library have been reported:
- CVE-2021-44228, which allows a remote attacker to take control of a device connected to the Internet and execute arbitrary code.
- CVE-2021-45046, a second vulnerability that allows a remote attacker to take control of vulnerable devices
- CVE-2021-45105, which allows an attacker to produce a denial of service causing all system resources to be used.
This vulnerability has been classified as “High Risk”.
Pyxsoft users can stay calm, as the PxShield WAF actively protects
against this and other vulnerabilities.