2021-12-15: Log4Shell (CVE-2021-44228 & CVE-2021-45046) Update

This page summarizes the projects mentioned and recommended in the original post on /r/crowdstrike
Logging Apache API Java Library

InfluxDB
Our great sponsors
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • log4j-affected-db

    Discontinued A community sourced list of log4j-affected software

    • Quick thought, if I might: this CVE is going to be difficult for all vulnerability scanners, including Spotlight, as vendors that bundle vulnerable versions of Log4j are not issuing new CVEs for their product — they are piggybacking on 44228. For this reason, vuln. management solutions have to try and write a rule sets for a single CVE that covers tens of thousands of pieces of software. You can see a large, but not exhaustive, list of software that is impacted here.

  • Apache Log4j 2

    Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.

    • The current recommended action for all those impacted by CVE-2021-44228 or CVE-2021-45046 is to update to Log4j 2.16.0or higher.

  • InfluxDB

    Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

    InfluxDB logo

  • log4shell-rex

    PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs

    • Since you appear to be a regex lover (much respect), I was sent this and it is very cool. Absolutely not my work, but thought I would pass it along to get the ideas flowing.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts