It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations. This could allows attackers with control over Thread Context Map (MDC) to craft malicious input data using a JNDI Lookup pattern resulting in a denial of service (DOS) attack. This vulnerability is patched in Log4j version 2.12.2 and 2.16.0. All versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0, are vulnerable.
[EDIT] A new update is released on this vulnerability. Remote Code Execution (RCE) is still possible through bypassing the disabled lookup patch released in 2.15.0 and making a remote lookup connection to external malicious servers.
If you're running any software, especially web server applications, that uses Log4j versions from 2.0-beta9 through 2.12.1 and 2.13.0 through 2.15.0, kindly contact the respective software vendor for a patch or mitigation. For more details on mitigation, refer to this document.
Note: The below steps are applicable only to Desktop Central setups with endpoint security add-on enabled.
To detect your network systems with web server installations that are affected by this vulnerability,
1) Log in to the Desktop Central web console.
2) Navigate to Threats and patches> Threats > Web server misconfigurations
3) Search for "Apache Log4j Vulnerability (CVE-2021-45046)" to find affected Windows systems and "Apache Log4j Vulnerability (CVE-2021-45046) For Linux" to find affected Linux systems.
4) Under the affected systems column, you'll get a total count of systems affected by this vulnerability.
5) Clicking on it will reveal the affected systems.
6) To view the exact web server installations on those systems that are affected by this vulnerability, click on the web server misconfiguration count available for each system.
7) In the resulting table view, the "file path" column displays the file path of the web servers affected by the Apache Log4j Vulnerability (CVE-2021-45046).