title

CRS and Log4j / Log4Shell / CVE-2021-44228 | CRS Project

charset

utf-8

viewport

width=device-width,initial-scale=1

Content-Security-Policy

upgrade-insecure-requests

description

This is an evolving blog post with infos about the role of CRS in defending against the log4j vulnerabilities that threatens quite all logging JAVA …

og:url

https://coreruleset.org/20211213/crs-and-log4j-log4shell-cve-2021-44228/

og:site_name

CRS Project

og:title

CRS and Log4j / Log4Shell / CVE-2021-44228

og:description

This is an evolving blog post with infos about the role of CRS in defending against the log4j vulnerabilities that threatens quite all logging JAVA applications. We believe the mitigations and rules suggested below will have you covered up to and including CVE-2021-45105. In January 2022, we have consolidated our knowledge into a pull request with new rules to be merged into CRS for the next major release. The pull request can be applied to your existing installation for immediate use of the new rules.

og:locale

en

twitter:card

summary_large_image

twitter:image

https://coreruleset.org/images/social-preview.svg

twitter:title

CRS and Log4j / Log4Shell / CVE-2021-44228

twitter:description

This is an evolving blog post with infos about the role of CRS in defending against the log4j vulnerabilities that threatens quite all logging JAVA applications. We believe the mitigations and rules suggested below will have you covered up to and including CVE-2021-45105. In January 2022, we have consolidated our knowledge into a pull request with new rules to be merged into CRS for the next major release. The pull request can be applied to your existing installation for immediate use of the new rules.

apple-touch-icon

https://coreruleset.org/apple-touch-icon.png

icon

https://coreruleset.org/favicon.ico

icon

https://coreruleset.org/favicon.svg

icon

https://coreruleset.org/favicon-32x32.png

preload

https://coreruleset.org/fonts/nunito-v25-latin-regular.woff2