
URL: https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures
Submission: On December 27 via manual from BR — Scanned from DE

TLP:WHITE


ED 22-02: APACHE LOG4J RECOMMENDED MITIGATION MEASURES

In accordance with Emergency Directive (ED) 22-02 Mitigate Apache Log4j
Vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) is
providing Federal Civilian Executive Branch agencies the following mitigation
measures. In addition to the mitigation measures, CISA recommends network
defenders review the Log4j JNDI attack chart below, courtesy of the Swiss
Government Computer Emergency Response Team (GovCERT).


MITIGATION MEASURES

When updates are available, agencies must update software using Log4j to the
newest version, which is the most effective and manageable long-term option.
Where updating is not possible, the following mitigating measures can be
considered as a temporary solution and apply to the entire solution stack.

 * Disable Log4j library. Disabling software using the Log4j library is an
   effective measure, favoring controlled downtime over adversary-caused issues.
   This option could cause operational impacts and limit visibility into other
   issues.
 * Disable JNDI lookups or disable remote codebases. This option, while
   effective, may involve developer work and could impact functionality.
 * Disconnect affected stacks. Solution stacks not connected to agency networks
   pose a dramatically lower risk from attack. Consider temporarily
   disconnecting the stack from agency networks. 
 * Isolate the system. Create a “vulnerable network” VLAN and segment the
   solution stack from the rest of the enterprise network.
 * Deploy a properly configured Web Application Firewall (WAF) in front of the
   solution stack. Deploying a WAF is an important, but incomplete, solution.
   While threat actors will be able to bypass this mitigation, the reduction in
   alerting will allow an agency SOC to focus on a smaller set of alerts.
 * Apply micropatch. There are several micropatches available. They are not a
   part of the official update but may limit agency risk.


RECOMMENDED RISK MANAGEMENT APPROACH

CISA evaluates both the likelihood of exploitation and the impact to agencies’
missions and National Critical Functions to be extremely high. Adversaries are
actively exploiting this vulnerability in unforeseeable ways that are
increasingly able to penetrate affected solution stacks connected to agency
networks. Mature exploitation tools are freely available, allowing even
unsophisticated adversaries to gain a foothold, maintain persistence, and cause
harm. CISA assesses that in most cases, limited, controlled disruptions are
preferable to disruptions at a time and with an impact of adversaries’ choosing.

Therefore, CISA urges agencies to adopt mitigations that factor in timeliness
and ease of execution, as well as completeness. While more complete mitigations
are preferable, prompt, simple actions can buy time to develop and implement
more complex and complete ones. CISA expects that many solution stacks will
require multiple mitigating steps in the coming months to adequately address
risk from this vulnerability.


VISUAL GUIDE TO MITIGATION OPTIONS

The chart below was developed by the Swiss Government's GovCERT and provides a
visual guide to mitigation options.



