- The robot vacuum that kept my floors free of muddy paw prints this fall is $600 off
- Here's how to get the ultimate Kindle bundle for $135 this Black Friday (plus more ways to mix and match deals)
- This racecar-looking robot mower mows a gorgeous lawn and is on sale for Black Friday
- I tested the world's first thermal phone camera with a 50Hz refresh rate, and here are the results (get $75 off in this Black Friday deal)
- Get four Apple AirTags for just $73 with this Black Friday deal
Addressing Log4j2 Vulnerabilities: How Tripwire Can Help
On December 9th 2021, Apache published a zero-day vulnerability (CVE-2021-44228) for Apache Log4j being referred to as “Log4Shell.” This vulnerability has been classified as “Critical” with a CVSS score of 10, allowing for Remote Code Execution with system-level privileges.
If you are currently working to identify instances of this vulnerability, Tripwire can help.
Tripwire IP360 can be configured to detect the vulnerability through application scanning. IP360’s ASPL-978 includes multiple checks for identifying instances of the Log4Shell vulnerability (CVE-2021-44228) using either DRT or non-DRT scanning.
The following content checks are available now. We will continue to update this post.
- DSA-5020: apache-log4j2 CVE-2021-44228 Vulnerability
- IBM WebSphere Application Server CVE-2021-44228 Vulnerability
- Apache Log4j2 LogShell Remote Code Execution Vulnerability via Classpath Registry Keys
- Elasticsearch CVE-2021-44228 Information Disclosure Vulnerability
- VMSA-2021-0028: CVE-2021-44228 vCenter Server Apache Log4j Remote Code Execution Vulnerability
If you need help applying these content checks, please contact us at tripwire.com/support.
Tripwire continues to work on additional checks to help you address log4j2. For real-time updates on available content checks, as well as Tripwire software that has been investigated regarding the Log4j vulnerability, visit this page.
