cubetiq-security-advisors/cve-2021-44228.md

# Zero-Day CVE-2021-44228 (Log4J Java Library)
Details: [https://cubetiq.atlassian.net/browse/CERT-1](https://cubetiq.atlassian.net/browse/CERT-1)

***Resolved***
```text
Upgrade log4j to version: 2.15.0
```

### Spring Boot
##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Multiple Modules)
```kts
allprojects {
    // Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
    ext["log4j2.version"] = "2.15.0"
}
```

##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Single Module)
```kts
// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
implementation(platform("org.apache.logging.log4j:log4j-bom:2.15.0"))
```
***Or***
```kts
// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
ext["log4j2.version"] = "2.15.0"
```

##### Gradle DSL (build.gradle) (Gradle Multiple Modules)
```gradle
allprojects {
    ext {
        // Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
        set('log4j2.version', '2.15.0')
    }
}
```
***Or***
```kts
ext {
    // Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1
    set('log4j2.version', '2.15.0')
}
```

# Check vulnerabilities in Nginx Web Server
```bash
sudo cat /var/log/nginx/access.log | grep '${jndi:'
```

### Blacklist IP Addresses
```
62.210.130.250
45.155.205.233
45.137.21.9
75.76.121.218
167.99.80.0/20
104.248.48.0/20
163.172.157.143
172.111.48.30
45.130.229.168
167.71.0.0/20
193.3.19.159
45.83.64.1
```
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`# Zero-Day CVE-2021-44228 (Log4J Java Library)`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`Details: [https://cubetiq.atlassian.net/browse/CERT-1](https://cubetiq.atlassian.net/browse/CERT-1)`

			`*Resolved*`
			```text
			`Upgrade log4j to version: 2.15.0`
			```

			`### Spring Boot`
			`##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Multiple Modules)`
			```kts
			`allprojects {`
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`ext["log4j2.version"] = "2.15.0"`
			`}`
			```

			`##### Gradle Kotlin DSL (build.gradle.kts) (Gradle Single Module)`
			```kts
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`implementation(platform("org.apache.logging.log4j:log4j-bom:2.15.0"))`
			```
			`*Or*`
			```kts
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`ext["log4j2.version"] = "2.15.0"`
			```

			`##### Gradle DSL (build.gradle) (Gradle Multiple Modules)`
			```gradle
			`allprojects {`
			`ext {`
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`set('log4j2.version', '2.15.0')`
			`}`
			`}`
			```
			`*Or*`
			```kts
			`ext {`
Update and rename cve-2021-44225.md to cve-2021-44228.md 2021-12-11 13:13:16 +07:00			`// Fixed Zero-Day CVE-2021-44228: https://cubetiq.atlassian.net/browse/CERT-1`
Create cve-2021-44225.md 2021-12-11 10:33:33 +07:00			`set('log4j2.version', '2.15.0')`
			`}`
			```
Update cve-2021-44225.md 2021-12-11 10:40:59 +07:00
			`# Check vulnerabilities in Nginx Web Server`
			```bash
			`sudo cat /var/log/nginx/access.log \| grep '${jndi:'`
			```
Update cve-2021-44228.md 2021-12-11 13:55:00 +07:00
			`### Blacklist IP Addresses`
			```
			`62.210.130.250`
			`45.155.205.233`
			`45.137.21.9`
			`75.76.121.218`
Add more blacklist ips 2021-12-13 08:28:35 +07:00			`167.99.80.0/20`
			`104.248.48.0/20`
			`163.172.157.143`
			`172.111.48.30`
			`45.130.229.168`
			`167.71.0.0/20`
Add more blacklist ips 2021-12-13 14:07:58 +07:00			`193.3.19.159`
			`45.83.64.1`
Update cve-2021-44228.md 2021-12-11 13:55:00 +07:00			```