Apache Log4j 2 is a popular Java logging framework that is used for business system development.
Impact scope: Apache Log4j 2.x < 2.15.0-rc2
Risk level: high
Rule-based defense: A virtual patch is available in the Cloud Firewall console to defend against this vulnerability.
Rule type: command execution
- Check whether the Apache Log4j 2 JAR file is imported into your business system.
If a dependency is imported into your business system, the vulnerability may exist. You can upgrade Apache Log4j 2 to the latest version for your business system.
- Upgrade all applications and components that are affected by the vulnerability to the latest versions.
For example, if a component such as spring-boot-starter-log4j2, Apache Struts2, Apache Solr, Apache Druid, or Apache Flink is affected by the vulnerability, you must upgrade the component to the latest version.
- Purchase Cloud Firewall Premium Edition or higher.
You can apply for the 7-day free trial of Cloud Firewall Premium Edition. For more information, see Apply for a free trial of Cloud Firewall.
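
One way to carry out the first check above (whether the Apache Log4j 2 JAR file is imported into your business system) is to scan the deployment directory for `log4j-core` JARs, including copies bundled inside fat JARs and WARs, and compare each version with the impact scope stated on this page. This is an added example, not code from the original page or from Cloud Firewall; the function names are hypothetical and it assumes the standard `log4j-core-<version>.jar` file naming.

```python
import io
import os
import re
import zipfile

# Matches log4j-core-<version>.jar, bare or nested inside a fat JAR/WAR.
JAR_RE = re.compile(r"(?:^|/)log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-rc(\d+))?\.jar$")
ARCHIVE_EXT = (".jar", ".war", ".ear")
FIXED = (2, 15, 0)  # impact scope on this page: 2.x < 2.15.0-rc2


def classify(name):
    """Return (version_string, affected) for a log4j-core file name, else None."""
    m = JAR_RE.search(name.replace("\\", "/"))
    if not m:
        return None
    major, minor, patch, rc = (int(g) if g is not None else None for g in m.groups())
    num = (major, minor, patch or 0)
    affected = major == 2 and (num < FIXED or (num == FIXED and rc is not None and rc < 2))
    version = ".".join(map(str, num)) + (f"-rc{rc}" if rc is not None else "")
    return version, affected


def scan_archive(data, label, depth=0):
    """Yield findings for log4j-core JARs bundled inside an archive (bytes)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for entry in zf.namelist():
                hit = classify(entry)
                if hit:
                    yield (f"{label}!{entry}", *hit)
                elif entry.lower().endswith(ARCHIVE_EXT) and depth < 3:
                    yield from scan_archive(zf.read(entry), f"{label}!{entry}", depth + 1)
    except zipfile.BadZipFile:
        return  # not a readable archive; skip it


def scan_tree(root):
    """Walk root and return sorted (location, version, affected) tuples."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            hit = classify(fname)
            if hit:
                findings.append((path, *hit))
            elif fname.lower().endswith(ARCHIVE_EXT):
                with open(path, "rb") as fh:
                    findings.extend(scan_archive(fh.read(), path))
    return sorted(findings)
```

Call `scan_tree("/path/to/app")` and treat every tuple whose last element is `True` as a component to upgrade. File-name matching does not detect shaded JARs that repackage Log4j classes under a different name, so a clean result does not replace a dependency-tree review.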