Response to CVE-2021-44228 Zero Day Vulnerability for Apache Log4j

The Security Team at Edgecast, now Edgio, has been continually monitoring the developments surrounding the log4j zero-day vulnerability (CVE-2021-44228). We have been working closely with our customers to assess and mitigate risks.

After an internal investigation by our engineering teams, we do not believe Edgio infrastructure and systems are currently exposed to this vulnerability.

Additionally, we have analyzed the vulnerability and developed rules for our dual WAF to protect our customers. This effort has resulted in three new rules in our WAF Managed Rules. These new rules are specifically designed for Log4j and look for vulnerabilities in header, body and URI. You can find the following rule IDs: 431007, 431008, 431009 under the “EC Custom” category in Managed Rules.

Customers using WAF Managed Rules that have the “Automatically opt-in to the latest ECRS ruleset” toggle enabled (our recommended setting) have already received the new Log4j rules. Customers who manually opt in to new ECRS (Edgecast Ruleset) versions will need to update their Managed Rules config to the latest version, once the latest version is selected, the three new Log4j rules will be enabled.

Besides the three new WAF rules, we have established an additional response mechanism where Edgio Security Operations Center (SOC) team can deploy on-demand patches via our WAF Custom Rules across customer’s properties on their behalf as new and rapidly evolving Log4j exploit variants and bypasses are discovered. It will tighten the OODA loop to minimize the time it would take between when new exploits are discovered and mitigation has been implemented.

Our security team continues to monitor and assess new exploit variants that can be used to bypass a generic Log4j WAF protection, and will develop new rules as required. The team will also continue to provide updates as we learn more and respond to the evolving situation.

Edgio Customer Support