Network Protection: Firewall, NAT, QoS, & IPS detect CVE-2021-44228 log4j

UTM Firewall requires membership for participation - click to join

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

detect CVE-2021-44228 log4j

Daniel Wittich over 3 years ago

Would ATP detect requests trying to exploit CVE-2021-44228 log4j?

The exploit could come via any request cotaining the string "${jndi"

This thread was automatically locked due to age.

Top Replies

SWeissflog over 3 years ago in reply to StephanG +2

Not vulnerable www.sophos.com/.../sophos-sa-20211210-log4j-rce

Parents

Henri04 over 3 years ago

Hi,

it would be good idea to block the JNDI call in the "EMail Protection" too. Just tested it with our mail server, e.g. as subject, it's logged to the syslog server (and probably to whatever else in between or at the other end).

Best regards

Henri
Cancel
Vote Up 0 Vote Down

Cancel

Reply

Henri04 over 3 years ago

Hi,

it would be good idea to block the JNDI call in the "EMail Protection" too. Just tested it with our mail server, e.g. as subject, it's logged to the syslog server (and probably to whatever else in between or at the other end).

Best regards

Henri
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data