[CDP-development] CISA - Apache Log4j webpage
MASSE, THERESA
theresa.masse at cisa.dhs.gov
Mon Dec 13 16:18:41 PST 2021
FYSA
CISA and its partners, through the Joint Cyber Defense Collaborative<https://www.cisa.gov/jcdc>, are tracking and responding to active, widespread exploitation of a critical remote code execution vulnerability (CVE-2021-44228) affecting Apache Log4j software library versions 2.0-beta9 to 2.14.1. Log4j is very broadly used in a variety of consumer and enterprise services, websites, and applications-as well as in operational technology products-to log security and performance information. An unauthenticated remote actor could exploit this vulnerability to take control of an affected system.
In response, CISA has created a webpage, Apache Log4j Vulnerability Guidance<https://cisa.gov/uscert/apache-log4j-vulnerability-guidance>, and is actively maintaining a community-sourced GitHub repository<https://github.com/cisagov/log4j-affected-db> of publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. CISA will continually update both the webpage and the GitHub repository.
CISA urges organizations to review its Apache Log4j Vulnerability Guidance<https://cisa.gov/uscert/apache-log4j-vulnerability-guidance> webpage and upgrade to Log4j version 2.15.0, or apply the appropriate vendor recommended mitigations immediately.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>
[cid:image002.png at 01D7F03C.67A3A1C0]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211214/b15545ec/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 16152 bytes
Desc: image002.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20211214/b15545ec/attachment-0001.png>
More information about the CDP-development
mailing list