How to secure your server for any log4j vulnerabilities
December 21, 2021
In this blog, I will show you how to fast check, If your server could be vulnerable to CVE-2021-44228 (the log4j vulnerability). It does not give a 100% proof, that you are not vulnerable, but it gives a hint if it is possible, that you could be vulnerable.
Download the log4j scanner: https://github.com/rubo77/log4j_checker_beta
Errors:
Be aware, It could give false positives like those of ElasticSearch.
See: https://www.elastic.co/guide/en/elasticsearch/reference/current/release-notes-7.16.1.html
Security Updates:
A high severity vulnerability (CVE-2021-44228) for Apache Log4j 2 versions 2.0 to 2.14 was disclosed publicly on the project’s GitHub on December 9, 2021.
Here is my example of one my servers: