{"id":7576,"date":"2021-12-13T18:27:42","date_gmt":"2021-12-13T17:27:42","guid":{"rendered":"http:\/\/www.antemeta.fr\/?p=7576\/"},"modified":"2022-01-03T16:37:19","modified_gmt":"2022-01-03T15:37:19","slug":"security-alert-log4j-module","status":"publish","type":"post","link":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/","title":{"rendered":"Security alert: Log4J Module"},"content":{"rendered":"<p><img decoding=\"async\" class=\"alignnone size-full wp-image-7572 lazyload\" data-src=\"\/wp-content\/uploads\/2021\/12\/800x188px.png\" alt=\"\" width=\"800\" height=\"188\" data-srcset=\"\/wp-content\/uploads\/2021\/12\/800x188px.png 800w, \/wp-content\/uploads\/2021\/12\/800x188px-300x71.png 300w, \/wp-content\/uploads\/2021\/12\/800x188px-768x180.png 768w\" data-sizes=\"(max-width: 800px) 100vw, 800px\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 800px; --smush-placeholder-aspect-ratio: 800\/188;\" \/><\/p>\n<h1 style=\"text-align: left;\">SECURITY ALERT :<\/h1>\n<p style=\"text-align: right;\">Updated 2021-12-15<\/p>\n<p>Dear customer,<\/p>\n<div>A vulnerability affecting the Log4j module has been recently published allowing a &#8220;Remote Code Execution&#8221;. This vulnerability is particularly critical as it impacts a very large number of tools.<br \/>\nThe systems affected by this vulnerability are:<\/div>\n<div><u><strong>Vulnerable systems :<\/strong><\/u><br \/>\nAn exhaustive list of products affected by this vulnerability is available via <span style=\"text-decoration: underline;\"><span style=\"color: #0000ff;\"><a style=\"color: #0000ff; text-decoration: underline;\" href=\"https:\/\/gist.github.com\/SwitHak\/b66db3a06c2955a9cb71a8718970c592\">this link<\/a><\/span><\/span>.<\/div>\n<ul>\n<li>Apache Log4j versions 2.0 \u00e0 2.14.1<\/li>\n<li>Apache Log4j versions 1.x (deprecated versions) if the JMS Appender component is configured to support JNDI (this is a very specific configuration)<\/li>\n<li>Products using a vulnerable version of Apache Log4j<\/li>\n<\/ul>\n<div><\/div>\n<div><u><strong>Solutions :<\/strong><\/u><\/div>\n<div>\n<ul>\n<li>Upgrade log4j to version 2.15.0 where possible, or approach vendors whose product uses a vulnerable Log4J to get a patch.<\/li>\n<li>Temporary protection measures are applicable while waiting for the patch:\n<ul>\n<li><strong><u>For applications using versions 2.7.0 and later of the Log4J library<\/u><\/strong>\u00a0it is possible to protect against any attack by modifying the format of the events to be logged with the syntax <em>%m{nolookups}<\/em> for data that would be provided by the user. This modification requires modifying the Log4J configuration file to produce a new version of the application. This requires the technical and functional validation steps to be carried out again before the deployment of this new version.<\/li>\n<li><strong><u>For applications using versions 2.10.0 and later of the Log4J library<\/u><\/strong>, it is also possible to protect against any attack by changing the <em>formatMsgNoLookups<\/em> configuration parameter to true, for example when launching the Java virtual machine with the option <em>-Dlog4j2.formatMsgNoLookups=true<\/em>. Another alternative is to remove the JndiLookup class in the classpath parameter to eliminate the main attack vector (researchers do not rule out the existence of another attack vector).<\/li>\n<li>A tool was recently released that allows hot modification of JVMs without the need to restart the JVM, more information <span style=\"text-decoration: underline; color: #0000ff;\"><a style=\"color: #0000ff; text-decoration: underline;\" href=\"https:\/\/github.com\/corretto\/hotpatch-for-apache-log4j2\">here<\/a><\/span>. This tool allows the hot bypass of the vulnerability, it does not dispense with applying the configuration (mentioned below) in hard in the JVM configuration. So when your JVMs restart, they will definitely take the bypass configuration.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/div>\n<p>&nbsp;<\/p>\n<div><u><strong>Actions taken by AntemetA:<\/strong><\/u><\/div>\n<div>\n<ul>\n<li>IPS Signatures specific to this vulnerability have been blocked on AntemetA front-end IPS allowing perimeter protection of the AntemetA Cloud.<\/li>\n<li>For AntemetA SOC customers, specific monitoring alerts for this vulnerability are in place.<\/li>\n<\/ul>\n<\/div>\n<p>&nbsp;<\/p>\n<p>Find the ANSSI bulletin on <span style=\"text-decoration: underline;\"><span style=\"color: #0000ff; text-decoration: underline;\"><a style=\"color: #0000ff; text-decoration: underline;\" href=\"https:\/\/www.cert.ssi.gouv.fr\/alerte\/CERTFR-2021-ALE-022\/\">this link<\/a><\/span><\/span>.<\/p>\n<p>Sincerely yours,<\/p>\n<p><strong>Your AntemetA customer service.<\/strong><br \/>\n<span style=\"text-decoration: underline; color: #0000ff;\"><a style=\"color: #0000ff; text-decoration: underline;\" href=\"https:\/\/my.antemeta.fr\/\" target=\"_blank\" rel=\"noopener\">Customer Area Access<\/a><\/span><br \/>\n+33 800 22 24 24<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SECURITY ALERT : Updated 2021-12-15 Dear customer, A vulnerability affecting the Log4j module has been recently published allowing a &#8220;Remote Code Execution&#8221;. This vulnerability is particularly critical as it impacts a very large number of tools&#8230;.<\/p>\n","protected":false},"author":22,"featured_media":7080,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[127,13],"tags":[],"class_list":["post-7576","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security-en","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Security alert: Log4J Module - Antemeta<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Security alert: Log4J Module - Antemeta\" \/>\n<meta property=\"og:description\" content=\"SECURITY ALERT : Updated 2021-12-15 Dear customer, A vulnerability affecting the Log4j module has been recently published allowing a &#8220;Remote Code Execution&#8221;. This vulnerability is particularly critical as it impacts a very large number of tools....\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\" \/>\n<meta property=\"og:site_name\" content=\"Antemeta\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/antemeta\" \/>\n<meta property=\"article:published_time\" content=\"2021-12-13T17:27:42+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-01-03T15:37:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.antemeta.fr\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png\" \/>\n\t<meta property=\"og:image:width\" content=\"682\" \/>\n\t<meta property=\"og:image:height\" content=\"200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Nathan Ait Azzouzene\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@AntemetA\" \/>\n<meta name=\"twitter:site\" content=\"@AntemetA\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Nathan Ait Azzouzene\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\"},\"author\":{\"name\":\"Nathan Ait Azzouzene\",\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05\"},\"headline\":\"Security alert: Log4J Module\",\"datePublished\":\"2021-12-13T17:27:42+00:00\",\"dateModified\":\"2022-01-03T15:37:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\"},\"wordCount\":398,\"commentCount\":0,\"image\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage\"},\"thumbnailUrl\":\"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png\",\"articleSection\":[\"Cyber Security\",\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\",\"url\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\",\"name\":\"Security alert: Log4J Module - Antemeta\",\"isPartOf\":{\"@id\":\"https:\/\/www.antemeta.fr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage\"},\"thumbnailUrl\":\"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png\",\"datePublished\":\"2021-12-13T17:27:42+00:00\",\"dateModified\":\"2022-01-03T15:37:19+00:00\",\"author\":{\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage\",\"url\":\"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png\",\"contentUrl\":\"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png\",\"width\":682,\"height\":200},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.antemeta.fr\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security alert: Log4J Module\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.antemeta.fr\/#website\",\"url\":\"https:\/\/www.antemeta.fr\/\",\"name\":\"Antemeta\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.antemeta.fr\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05\",\"name\":\"Nathan Ait Azzouzene\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.antemeta.fr\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g\",\"caption\":\"Nathan Ait Azzouzene\"},\"url\":\"https:\/\/www.antemeta.fr\/en\/author\/nathan-ait-azzouzene\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Security alert: Log4J Module - Antemeta","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/","og_locale":"en_US","og_type":"article","og_title":"Security alert: Log4J Module - Antemeta","og_description":"SECURITY ALERT : Updated 2021-12-15 Dear customer, A vulnerability affecting the Log4j module has been recently published allowing a &#8220;Remote Code Execution&#8221;. This vulnerability is particularly critical as it impacts a very large number of tools....","og_url":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/","og_site_name":"Antemeta","article_publisher":"https:\/\/www.facebook.com\/antemeta","article_published_time":"2021-12-13T17:27:42+00:00","article_modified_time":"2022-01-03T15:37:19+00:00","og_image":[{"width":682,"height":200,"url":"https:\/\/www.antemeta.fr\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png","type":"image\/png"}],"author":"Nathan Ait Azzouzene","twitter_card":"summary_large_image","twitter_creator":"@AntemetA","twitter_site":"@AntemetA","twitter_misc":{"Written by":"Nathan Ait Azzouzene","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#article","isPartOf":{"@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/"},"author":{"name":"Nathan Ait Azzouzene","@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05"},"headline":"Security alert: Log4J Module","datePublished":"2021-12-13T17:27:42+00:00","dateModified":"2022-01-03T15:37:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/"},"wordCount":398,"commentCount":0,"image":{"@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png","articleSection":["Cyber Security","News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/","url":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/","name":"Security alert: Log4J Module - Antemeta","isPartOf":{"@id":"https:\/\/www.antemeta.fr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage"},"image":{"@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage"},"thumbnailUrl":"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png","datePublished":"2021-12-13T17:27:42+00:00","dateModified":"2022-01-03T15:37:19+00:00","author":{"@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05"},"breadcrumb":{"@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#primaryimage","url":"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png","contentUrl":"\/wp-content\/uploads\/2020\/11\/Visuel-alerte-s\u00e9cu-AntemetA-miniature.png","width":682,"height":200},{"@type":"BreadcrumbList","@id":"https:\/\/www.antemeta.fr\/en\/security-alert-log4j-module\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.antemeta.fr\/en\/"},{"@type":"ListItem","position":2,"name":"Security alert: Log4J Module"}]},{"@type":"WebSite","@id":"https:\/\/www.antemeta.fr\/#website","url":"https:\/\/www.antemeta.fr\/","name":"Antemeta","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.antemeta.fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/4e0b5226f88452c77010851b88936e05","name":"Nathan Ait Azzouzene","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.antemeta.fr\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/2855508dc18ca2137a4f21c9570ac8cbe1fae4174b7c930592e6f22746422d26?s=96&d=mm&r=g","caption":"Nathan Ait Azzouzene"},"url":"https:\/\/www.antemeta.fr\/en\/author\/nathan-ait-azzouzene\/"}]}},"_links":{"self":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts\/7576","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/comments?post=7576"}],"version-history":[{"count":11,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts\/7576\/revisions"}],"predecessor-version":[{"id":7591,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/posts\/7576\/revisions\/7591"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/media\/7080"}],"wp:attachment":[{"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/media?parent=7576"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/categories?post=7576"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.antemeta.fr\/en\/wp-json\/wp\/v2\/tags?post=7576"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}