Intrusion PreventionApache.Log4j.Error.Log.Thread.Context.DoS
Description
This indicates an attack attempt to exploit a Denial of Service Vulnerability in Apache Log4j.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application. A remote attacker could exploit these vulnerabilities by sending a crafted request to the target server. Successful exploitation could result in a denial-of-service condition.
Outbreak Alert
A 0-day exploit was discovered on a popular Java library Log4j2 that can result to a Remote Code Execution (RCE). This is a widely deployed library, and while systems protected by Fortinet Security Fabric are secured by the protections below, all systems need to upgrade ASAP as this is 10.0 severity. Due to the high visibility and attention, subsequent vulnerabilities have since emerged
Affected Products
Apache Log4j 2.0-beta9 prior to 2.17.0
Impact
Denial of Service: Remote attackers can crash vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://logging.apache.org/log4j/2.x/security.html
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-01-19 | 19.244 | Sig Added |
| 2021-12-23 | 19.225 | Sig Added |
| 2021-12-23 | 19.225 | Default_action:pass:drop |
| 2021-12-21 | 19.223 |
| ID | 51050 |
| Created | Dec 20, 2021 |
| Updated | Jan 18, 2022 |
| Outbreak Alert | Log4j2 Vulnerability |
| Risk |
|
| CVE ID | CVE-2021-45105 |
| Exploit Prediction Score | 96.62% |
| Default Action | drop |
| Active | |
| Affected OS | All |
| Affected App | Apache |