CVE-2021-44228 is a high-profile vulnerability impacting multiple versions of a widely distributed Java software component, Apache Log4j 2. The vulnerability allows unauthenticated remote code execution. For additional technical information, the team at LunaSec has an excellent technical writeup on their blog.
In the spirit of transparency, we want to give everyone a succinct update on how Imperva responded and is continuing to focus on this specific CVE.
Imperva Threat Research Response & Observations
Imperva Threat Research sprang into action shortly after this zero-day exploit was made public. We saw initial attacks attempting to exploit this CVE starting around December 9, 2021 18:00 UTC. Imperva Threat Research detected new CVE-specific attack variants, resulting in the creation of additional security rules. These updates were tested and deployed to the Imperva Global Network and ThreatRadar Feed.
As of writing this blog post, and since rolling out the updated security rules more than 13 hours ago, Imperva has observed 1.4M+ attacks targeting CVE-2021-44228.
Read the full article here: How We’re Protecting Customers & Staying Ahead of CVE-2021-44228