Log4j Remediation

Identify and remediate the critical Log4j vulnerability found in the Apache Log4j library.


The problem

The Log4j vulnerability, also known as Log4Shell, is a critical security flaw in the Apache Log4j library, which is a widely used logging utility for Java applications. The vulnerability was first disclosed in December 2021 and has been assigned the identifier CVE-2021-44228.

The Log4j vulnerability is a remote code execution (RCE) vulnerability that allows an attacker to execute arbitrary code on a vulnerable system by simply sending a specially crafted log message. The vulnerability lies in the way Log4j handles JNDI (Java Naming and Directory Interface) lookups within log messages. By including a malicious JNDI reference in a log message, an attacker can cause the Log4j library to inadvertently load and execute code from a remote server under the attacker's control.

This vulnerability is particularly concerning because of its ease of exploitation and the widespread use of the Log4j library in various Java applications, including web servers, application servers, and other enterprise software. The widespread use of the Log4j library makes it particularly difficult to discover across a large infrastructure fleet as it requires inspection of running applications & nodes. Once discovered, patching the vulnerability can take days, sometimes weeks as machine restarts are required without impacting the existing running applications.

The solution

This Shoreline runbook makes it simple to create an alarm that is configured to constantly look for the Log4j vulnerability across all cloud accounts in your fleet. Once the vulnerability is found, Slack notifications are sent to configured channels alerting about the existence of the vulnerability.

Shoreline doesn’t just alert, it remediates. Customers can create actions that will patch the log4j vulnerability by pulling down the fix from an approved central repository. Further actions can also be created to verify that the patch has been applied. Lastly, the Log4j OpPack combines the alarm & actions into a Shoreline Bot that will detect and remediate the vulnerability without any human involvement.


Customer experience impact
Unnecessary spending & utilization of valuable resources
Occurrence frequency
Monthly varying on size of development environments
Shoreline time to repair
1-2 minutes to detect Log4j vulnerability and automatically apply a patch to repair
Time to diagnose manually
Multiple days to manually find the Log4j vulnerability across all applications & infrastructure
Critical vulnerability that can lead to malicious actors gaining access to applications & infrastructure
Cost impact
Avoid rapidly increasing cloud computing costs from idle instances
Time to repair manually
Multiple days to manually find the Log4j vulnerability & patch it across all applications & infrastructure

Related Solutions