Splunk Security Advisory for Apache Log4j (CVE-2021-44228) > Splunk 자료실

Splunk Security Advisory for Apache Log4j (CVE-2021-44228)

작성자 kimchimandu
댓글 1건 조회 3,838회 작성일 21-12-14 15:36

- Apache Log4j 2(버전 2.0 ~ 2.14.1)에 영향을 미치는 치명적인 원격 코드 실행 취약점이 발견

- 영향을 받는 제품 (2021.12.13 Updated)

Product	Cloud/On-Prem	Impacted Versions	Fixed Version	Workaround
Add-On: Java Management Extensions	Both	5.2.0 and previous	Pending	TBD
Add-On: JBoss	Both	3.0.0, 2.1.0	Pending	TBD
Add-On: Tomcat	Both	3.0.0, 2.1.0	Pending	TBD
Data Stream Processor	On-Prem	DSP 1.0.x, DSP 1.1.x, DSP 1.2.x	Pending	TBD
IT Essentials Work	Both	4.11, 4.10.x (Cloud only), 4.9.x	4.11.1, 4.10.3, 4.9.5, additional versions pending for release early this week	TBD
IT Service Intelligence (ITSI)	Both	4.11.0, 4.10.x (Cloud only), 4.9.x, 4.8.x (Cloud only), 4.7.x, 4.6.x, 4.5.x	4.11.1, 4.10.3, 4.9.5, additional versions pending for release early this week	TBD
Splunk Connect for Kafka	On-Prem	2.0.3	2.0.4	Released the patched version on 12/11/21
Splunk Enterprise (including instance types like Heavy Forwarders)	On-Prem	All supported non-Windows versions of 8.1.x and 8.2.x only if DFS is used. See Removing Log4j from Splunk Enterprise below for guidance on unsupported versions.	8.1.7.1, 8.2.3.2	See Removing Log4j from Splunk Enterprise section below
Splunk Enterprise Amazon Machine Image (AMI)	On-Prem	See Splunk Enterprise	Pending	TBD
Splunk Enterprise Docker Container	On-Prem	See Splunk Enterprise	Pending	TBD
Splunk Logging Library for Java	On-Prem	1.11.0	1.11.1	TBD
Stream Processor Service	Cloud	Current	Pending	TBD

- 조치 방법

Splunk Enterprise에서 Log4j 버전 2 제거

다음 경로에서 jar 파일 및 디렉터리 제거

* splunk 시작 시 jar 파일과 관련된 파일 무결성 오류를 볼 수 있음 => 오류 무시

- 참고사이트 :

https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html

- 참고 문헌 :

최고관리자 작성일 21-12-15 15:23

좋은글 감사합니다. ^^