A critical remote code execution (RCE) vulnerability in Apache’s widely used Log4j Java library (CVE-2021-44228) sent shockwaves across the security community on December 10, 2021. Also known as Log4Shell, this zero-day vulnerability has impacted huge portions of the internet and web applications due to the widespread use of Log4j. Successful exploitation of Log4Shell can allow a remote, unauthenticated attacker to take full control of a target system.
As we learn more, the Rapid7 team is here to offer our best guidance on mitigation and remediation of Log4Shell. Please refer to this page for updates and resources.
To help our customers mitigate and detect Log4Shell with Rapid7 solutions, we’ve created a dedicated resource center. Visit the resource center for the most up to date documentation, announcements, and information as it relates to Log4Shell and Insight Platform solutions.
In this blog post by our Emergent Threat Response team, we cover the essentials of the remote code execution vulnerability in Log4j and what security teams can do now to defend against it. Learn why the Log4j exploit is so massively impactful and what detections and mitigations you can put in place today. For Rapid7 customers, we also cover how to use our solutions — including InsightVM, InsightIDR, Velociraptor, tCell, and InsightCloudSec — to determine if your systems are vulnerable and launch a coordinated response.
Rapid7’s infosec team has published a comprehensive blog detailing Log4Shell's impact on Rapid7 solutions and systems. At this time, we have not detected any successful Log4Shell exploit attempts in our systems or solutions. There is no action for most customers using our solutions. For those using on-premise solutions, this post outlines what action they need to take to ensure Log4Shell is fully remediated with respect to our solutions.
Still wondering about the implications of Log4Shell and what steps you need to take to ensure your systems are secure from the Log4j vulnerability? This FAQ-style blog post is for everyone who wants to understand what’s going on – and why the internet seems to be on fire again.
From the moment Log4Shell became widely known, Rapid7’s Threat Intelligence team has been tracking chatter on the clear, deep, and dark web to better understand the threat from an attacker’s-eye view. In this blog post, they detail 4 key findings from their research to help the security community better understand – and defend against – the ways attackers might exploit this vulnerability.
For a deeper dive into Log4Shell, visit our AttackerKB posting. Rapid7's vulnerability researchers have added technical analysis, product-specific proof-of-concept exploit code, and example indicators of compromise across a wide range of products that are vulnerable to Log4Shell and also high-value to attackers.