Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
FnUser
New Contributor II

Created on ‎12-13-2021 05:49 PM Edited on ‎12-13-2021 05:50 PM

Test request for IPS signature (CVE-2021-44228)

Does anybody knows how to trigger IPS signature for CVE-2021-44228? Sample of the test request would be nice.

Labels:
5078
0 Kudos
5 REPLIES 5
jdelafuente_FTNT
Staff
Staff

Created on ‎12-13-2021 05:54 PM

Hello, here is some information related:

https://www.fortiguard.com/outbreak-alert/log4j2-vulnerability

 

1. Security Profiles/Intrusion Prevention/ <IPS profile name>/Edit
2. IPS Signatures and Filters/Create New
3. Type-Signature/Action-Block/Status-Enable/ search-apache.log (then clic in search icon)
4. Select (clic) "Apache.Log4j.Error.Log.Remote.Code.Executio.." - add Selected - clic OK
5. Put this new entry on top (drop it)
6. Clic OK

Add New signature for Apache vulnAdd New signature for Apache vulnputit on topputit on top

Jonathan De La Fuente | LATAM TAC Engineer
5031
0 Kudos
FnUser
New Contributor II
In response to jdelafuente_FTNT

Created on ‎12-13-2021 05:57 PM

I have no problem to activate it, how can I test it to make sure it works? 

5028
0 Kudos
jdelafuente_FTNT
Staff
Staff
In response to FnUser

Created on ‎12-13-2021 06:13 PM

May this help.

https://www.picussecurity.com/resource/blog/simulating-and-preventing-cve-2021-44228-apache-log4j-rc...

Jonathan De La Fuente | LATAM TAC Engineer
5016
0 Kudos
zeki893
New Contributor II

Created on ‎12-13-2021 05:59 PM

You can try this method:

https://twitter.com/ThinkstCanary/status/1469439743905697797?s=20

5021
FnUser
New Contributor II

Created on ‎12-13-2021 06:28 PM

Didn't trigger on IPSDidn't trigger on IPS

5012
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.