Splunk Security Advisory for Apache Log4j (CVE-2021-44228)
- A critical remote code execution vulnerability affecting Apache Log4j 2 (versions 2.0 to 2.14.1) has been discovered
- Affected products (updated 2021.12.13)
Product | Cloud/On-Prem | Impacted Versions | Fixed Version | Workaround |
Add-On: Java Management Extensions | Both | 5.2.0 and previous | Pending | TBD |
Add-On: JBoss | Both | 3.0.0, 2.1.0 | Pending | TBD |
Add-On: Tomcat | Both | 3.0.0, 2.1.0 | Pending | TBD |
Data Stream Processor | On-Prem | DSP 1.0.x, DSP 1.1.x, DSP 1.2.x | Pending | TBD |
IT Essentials Work | Both | 4.11, 4.10.x (Cloud only), 4.9.x | 4.11.1, 4.10.3, 4.9.5, additional versions pending for release early this week | TBD |
IT Service Intelligence (ITSI) | Both | 4.11.0, 4.10.x (Cloud only), 4.9.x, 4.8.x (Cloud only), 4.7.x, 4.6.x, 4.5.x | 4.11.1, 4.10.3, 4.9.5, additional versions pending for release early this week | TBD |
Splunk Connect for Kafka | On-Prem | 2.0.3 | 2.0.4 | Released the patched version on 12/11/21 |
Splunk Enterprise (including instance types like Heavy Forwarders) | On-Prem | All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. See Removing Log4j from Splunk Enterprise below for guidance on unsupported versions. |, | See Removing Log4j from Splunk Enterprise section below |
Splunk Enterprise Amazon Machine Image (AMI) | On-Prem | See Splunk Enterprise | Pending | TBD |
Splunk Enterprise Docker Container | On-Prem | See Splunk Enterprise | Pending | TBD |
Splunk Logging Library for Java | On-Prem | 1.11.0 | 1.11.1 | TBD |
Stream Processor Service | Cloud | Current | Pending | TBD |
- Remediation
Removing Log4j version 2 from Splunk Enterprise
Remove the jar files and directories at the following paths
- $SPLUNK_HOME/bin/jars/vendors/spark
- $SPLUNK_HOME/bin/jars/vendors/libs/splunk-library-javalogging-*.jar
- $SPLUNK_HOME/bin/jars/thirdparty/hive*
- $SPLUNK_HOME/etc/apps/splunk_archiver/java-bin/jars/*
* When Splunk starts, you may see file integrity errors related to the jar files => ignore these errors
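The removal step above as a shell sketch that first lists what actually exists under the four paths and deletes only when asked. This is an added example, not code from the Splunk advisory; the function names and the `apply` argument are assumptions made for illustration.

```sh
# Added example (not from the advisory): audit, then remove, the paths listed above.
# Assumption: function names and the "apply" argument are illustrative only.

log4j_targets() {
    # $1 = Splunk install root. Prints each existing path matching the four patterns.
    for p in \
        "$1"/bin/jars/vendors/spark \
        "$1"/bin/jars/vendors/libs/splunk-library-javalogging-*.jar \
        "$1"/bin/jars/thirdparty/hive* \
        "$1"/etc/apps/splunk_archiver/java-bin/jars/*
    do
        # An unmatched glob stays literal, so test for existence before reporting.
        if [ -e "$p" ] || [ -L "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

remove_log4j_targets() {
    # $1 = Splunk install root, $2 = "apply" to delete; anything else is a dry run.
    if [ -z "$1" ] || [ ! -d "$1/bin" ]; then
        echo "refusing: '$1' does not look like a Splunk install root" >&2
        return 1
    fi
    log4j_targets "$1" | while IFS= read -r path; do
        if [ "${2:-}" = "apply" ]; then
            rm -rf -- "$path" && echo "removed $path"
        else
            echo "would remove $path"
        fi
    done
}

# Dry run against the real install when SPLUNK_HOME is set in the environment.
if [ -n "${SPLUNK_HOME:-}" ]; then
    remove_log4j_targets "$SPLUNK_HOME" dry-run
fi
```

Running `remove_log4j_targets "$SPLUNK_HOME" apply` performs the deletion; other jars under `vendors/libs` are left in place because only the `splunk-library-javalogging-*.jar` pattern is matched there.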
- References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
- https://logging.apache.org/log4j/2.x/security.html
- https://www.splunk.com/en_us/blog/security/log-jammin-log4j-2-rce.html
Comment by Super Administrator
Super Administrator wrote: Thank you for the great post. ^^