WAF enables message lookup in Log4j2
Description
Vulnerable versions of the Apache Log4j 2 library let attackers abuse the JNDI Lookup mechanism: a specially crafted string in a logged message can trigger an outbound request, which may lead to remote code execution, data leakage and more. Configure your Web Application Firewall (WAF) to block requests carrying such lookup syntax using the rule definition below. Learn more at [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228).
Code Example

```hcl
resource "aws_wafv2_web_acl" "pass" {
  ...
  rule {
    name     = "AWS-AWSManagedRulesKnownBadInputsRuleSet"
    priority = 1

    override_action {
      none {}
    }

    statement {
      managed_rule_group_statement {
        name        = "AWSManagedRulesKnownBadInputsRuleSet"
        vendor_name = "AWS"
      }
    }
    ...
  }
  ...
}
```

Remediation
Terraform
- Resource: aws_wafv2_web_acl
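The following is an added, simplified illustration of the check this rule performs; it is not Checkov's own implementation. It evaluates an `aws_wafv2_web_acl` resource represented as a nested dictionary (a constructed, HCL-like shape, not the real Terraform plan JSON) and passes only when a rule attaches the AWS `AWSManagedRulesKnownBadInputsRuleSet` managed rule group with `override_action { none {} }`. A `count` override is treated as a failure because counting only logs matches without blocking them, and excluding the group's `Log4JRCE` rules (the rule names AWS documents for this protection) is treated as a failure for the same reason.

```python
"""Simplified WAF-covers-Log4j check (added example, not Checkov's own code)."""

from typing import Any, Dict, List

# Managed rule group named in the rule definition above.
KNOWN_BAD_INPUTS_GROUP = "AWSManagedRulesKnownBadInputsRuleSet"
KNOWN_BAD_INPUTS_VENDOR = "AWS"
# Prefix of the rules inside that group that AWS documents as the Log4j protection.
LOG4J_RULE_PREFIX = "Log4JRCE"


def rule_blocks_log4j_lookups(rule: Dict[str, Any]) -> bool:
    """Return True if a single web ACL rule actively blocks Log4j lookup payloads."""
    statement = rule.get("statement", {})
    group = statement.get("managed_rule_group_statement", {})

    # The rule must reference AWS's Known Bad Inputs managed rule group.
    if group.get("name") != KNOWN_BAD_INPUTS_GROUP:
        return False
    if group.get("vendor_name") != KNOWN_BAD_INPUTS_VENDOR:
        return False

    # override_action must be "none": "count" downgrades every match to a log entry.
    override = rule.get("override_action", {})
    if "count" in override or "none" not in override:
        return False

    # Excluding (counting) the group's Log4JRCE rules also removes the protection.
    excluded: List[Dict[str, Any]] = group.get("excluded_rule", [])
    for entry in excluded:
        if str(entry.get("name", "")).startswith(LOG4J_RULE_PREFIX):
            return False

    return True


def acl_covers_log4j(acl: Dict[str, Any]) -> bool:
    """Return True if at least one rule of the web ACL blocks Log4j lookups."""
    return any(rule_blocks_log4j_lookups(r) for r in acl.get("rule", []))


# Constructed sample web ACLs mirroring the Terraform block above.
PASSING_ACL = {
    "name": "example-acl",
    "rule": [
        {
            "name": "AWS-AWSManagedRulesKnownBadInputsRuleSet",
            "priority": 1,
            "override_action": {"none": {}},
            "statement": {
                "managed_rule_group_statement": {
                    "name": KNOWN_BAD_INPUTS_GROUP,
                    "vendor_name": KNOWN_BAD_INPUTS_VENDOR,
                }
            },
        }
    ],
}

# Same group attached, but every match is only counted, so nothing is blocked.
COUNT_ONLY_ACL = {
    "name": "count-only-acl",
    "rule": [
        {
            "name": "AWS-AWSManagedRulesKnownBadInputsRuleSet",
            "priority": 1,
            "override_action": {"count": {}},
            "statement": {
                "managed_rule_group_statement": {
                    "name": KNOWN_BAD_INPUTS_GROUP,
                    "vendor_name": KNOWN_BAD_INPUTS_VENDOR,
                }
            },
        }
    ],
}

# Group attached, but the Log4j-specific rules inside it are excluded.
EXCLUDED_RULE_ACL = {
    "name": "excluded-acl",
    "rule": [
        {
            "name": "AWS-AWSManagedRulesKnownBadInputsRuleSet",
            "priority": 1,
            "override_action": {"none": {}},
            "statement": {
                "managed_rule_group_statement": {
                    "name": KNOWN_BAD_INPUTS_GROUP,
                    "vendor_name": KNOWN_BAD_INPUTS_VENDOR,
                    "excluded_rule": [{"name": "Log4JRCE"}],
                }
            },
        }
    ],
}

# No managed rule group at all: only a rate-based rule.
NO_GROUP_ACL = {
    "name": "rate-limit-acl",
    "rule": [
        {
            "name": "rate-limit",
            "priority": 1,
            "action": {"block": {}},
            "statement": {"rate_based_statement": {"limit": 2000, "aggregate_key_type": "IP"}},
        }
    ],
}

if __name__ == "__main__":
    for acl in (PASSING_ACL, COUNT_ONLY_ACL, EXCLUDED_RULE_ACL, NO_GROUP_ACL):
        print(f"{acl['name']}: {'PASS' if acl_covers_log4j(acl) else 'FAIL'}")
```

Running the module prints one PASS/FAIL line per sample ACL. The three failing shapes are the ones a reviewer most often sees in practice: the group is missing, it is attached in count mode, or its Log4j rules were excluded during tuning.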
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0240 |
| Severity | HIGH |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_192 |