cubetiq-security-advisors/CVE-2021-44228.md

# Zero-Day CVE-2021-44228 (Log4J Java Library)
Details: [https://cubetiq.atlassian.net/browse/CERT-1](https://cubetiq.atlassian.net/browse/CERT-1)

***Resolved***
```text
Upgrade log4j to version: 2.15.0
```

### Spring Boot
##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Multiple Modules)
```kts
allprojects {
    // Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
    ext["log4j2.version"] = "2.15.0"
}
```

##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Single Module)
```kts
// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
implementation(platform("org.apache.logging.log4j:log4j-bom:2.15.0"))
```
***Or***
```kts
// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
ext["log4j2.version"] = "2.15.0"
```

##### Gradle DSL (build.gradle) (Gradle Multiple Modules)
```gradle
allprojects {
    ext {
        // Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
        set('log4j2.version', '2.15.0')
    }
}
```
***Or***
```kts
ext {
    // Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
    set('log4j2.version', '2.15.0')
}
```

# Check vulnerabilities in Nginx Web Server
```bash
sudo cat /var/log/nginx/access.log | grep '${jndi:'
```

### Blacklist IP Addresses
```
62.210.130.250
45.155.205.233
45.137.21.9
75.76.121.218
167.99.80.0/20
104.248.48.0/20
163.172.157.143
172.111.48.30
45.130.229.168
167.71.0.0/20
193.3.19.159
45.83.64.1
167.172.44.255
45.83.193.150
195.54.160.149
167.99.32.139
159.65.216.0/21
157.245.96.0/20
115.144.122.0/24
192.241.192.0/19
195.54.160.0/23
66.240.192.0/18
209.141.32.0/19
136.144.41.0/24
198.98.48.0/20
192.35.168.0/23
134.209.80.0/20
185.189.182.0/24
49.143.32.0/24
177.75.208.0/20
```
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`# Zero-Day CVE-2021-44228 (Log4J Java Library)`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`Details: [https://cubetiq.atlassian.net/browse/CERT-1](https://cubetiq.atlassian.net/browse/CERT-1)`

			`*Resolved*`
			```text
			`Upgrade log4j to version: 2.15.0`
			```

			`### Spring Boot`
			`##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Multiple Modules)`
			```kts
			`allprojects {`
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`ext["log4j2.version"] = "2.15.0"`
			`}`
			```

			`##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Single Module)`
			```kts
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`implementation(platform("org.apache.logging.log4j:log4j-bom:2.15.0"))`
			```
			`*Or*`
			```kts
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`ext["log4j2.version"] = "2.15.0"`
			```

			`##### Gradle DSL (build.gradle) (Gradle Multiple Modules)`
			```gradle
			`allprojects {`
			`ext {`
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`set('log4j2.version', '2.15.0')`
			`}`
			`}`
			```
			`*Or*`
			```kts
			`ext {`
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`set('log4j2.version', '2.15.0')`
			`}`
			```
Update cve-2021-44225.md 2021-12-11 10:40:59 +07:00
			`# Check vulnerabilities in Nginx Web Server`
			```bash
			`sudo cat /var/log/nginx/access.log \| grep '${jndi:'`
			```
Update cve-2021-44228.md 2021-12-11 13:55:00 +07:00
			`### Blacklist IP Addresses`
			```
			`62.210.130.250`
			`45.155.205.233`
			`45.137.21.9`
			`75.76.121.218`
Add more blacklist ips 2021-12-13 08:28:35 +07:00			`167.99.80.0/20`
			`104.248.48.0/20`
			`163.172.157.143`
			`172.111.48.30`
			`45.130.229.168`
			`167.71.0.0/20`
Add more blacklist ips 2021-12-13 14:07:58 +07:00			`193.3.19.159`
			`45.83.64.1`
Add more bl 2021-12-14 13:55:52 +07:00			`167.172.44.255`
			`45.83.193.150`
			`195.54.160.149`
Update cve-2021-44228.md 2021-12-15 10:57:47 +07:00			`167.99.32.139`
Update cve-2021-44228.md 2021-12-15 11:00:19 +07:00			`159.65.216.0/21`
			`157.245.96.0/20`
Update cve-2021-44228.md 2021-12-15 11:24:07 +07:00			`115.144.122.0/24`
			`192.241.192.0/19`
Update cve-2021-44228.md 2021-12-15 11:30:12 +07:00			`195.54.160.0/23`
Update cve-2021-44228.md 2021-12-15 11:43:34 +07:00			`66.240.192.0/18`
Update cve-2021-44228.md 2021-12-15 12:19:56 +07:00			`209.141.32.0/19`
			`136.144.41.0/24`
			`198.98.48.0/20`
			`192.35.168.0/23`
Update cve-2021-44228.md 2021-12-15 13:54:48 +07:00			`134.209.80.0/20`
			`185.189.182.0/24`
			`49.143.32.0/24`
			`177.75.208.0/20`
Update cve-2021-44228.md 2021-12-11 13:55:00 +07:00			```