[Transaction Signing] Vulnerability in Apache Log4j Library (CVE-2021-44228)

Summary

  • On December 9, 2021, the following vulnerability in the Apache Log4j Java logging library affecting all Log4j versions prior to 2.15.0 was disclosed:

    • CVE-2021-44228: Apache Log4j2 JNDI features do not protect against attacker controlled LDAP and other JNDI related endpoints

Products Investigation

Netrust has completed the investigation on our products and the following product(s) are found to be affected:
  1. Transaction Signing Libraries

Workarounds (Scripts)

1. Navigate to the location of the scripts and open each script for editing.
2. Add the following option after the 'java' command and save the script:
-Dlog4j2.formatMsgNoLookups=true

Workarounds (CLI)

1. Run your business application with the log4j2.formatMsgNoLookups flag set to true, for example:
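
The following is an added example, not part of the original advisory and not Netrust code. It inserts the flag after the 'java' command in a launcher script and counts invocations that still lack it. A POSIX shell launcher is assumed; the sample launcher, app.jar and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Netrust code. Heuristic: review the output before
# replacing a real launcher script.
FLAG='-Dlog4j2.formatMsgNoLookups=true'
JAVA_RE='(^|[ \t/])java"?[ \t]'   # "java" as a command word, optionally quoted

# Print SCRIPT with the flag inserted directly after each java command.
add_flag() {
    awk -v flag="$FLAG" -v re="$JAVA_RE" '
        /^[ \t]*#/      { print; next }   # leave comment lines alone
        index($0, flag) { print; next }   # line already carries the flag
        match($0, re) {
            cut = RSTART + RLENGTH - 2    # last character of java or java"
            print substr($0, 1, cut) " " flag substr($0, cut + 1)
            next
        }
        { print }
    ' "$1"
}

# Count java invocations in SCRIPT that still lack the flag.
unpatched_count() {
    awk -v flag="$FLAG" -v re="$JAVA_RE" '
        /^[ \t]*#/ { next }
        match($0, re) && !index($0, flag) { n++ }
        END { print n + 0 }
    ' "$1"
}

# Constructed launcher script used as sample input.
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# start the business application with java
JAVA_OPTS="-Xmx512m"
exec "$JAVA_HOME/bin/java" $JAVA_OPTS -jar app.jar "$@"
EOF
}

# Direct command-line form (app.jar is a placeholder):
#   java -Dlog4j2.formatMsgNoLookups=true -jar app.jar
tmp=$(mktemp)
make_sample "$tmp"
add_flag "$tmp" > "$tmp.new"
echo "unpatched before: $(unpatched_count "$tmp"), after: $(unpatched_count "$tmp.new")"
rm -f "$tmp" "$tmp.new"
```

Running add_flag on an already patched script leaves it unchanged, so it can be re-run safely after a script is updated.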



Note: A patch will be released to permanently address the vulnerability.