No Java, No Cry - IPFire is NOT vulnerable to CVE-2021-44228

by Michael Tremer, December 13, 2021, Updated December 13, 2021

Do you like what you are reading? Subscribe to our newsletter and don't miss out on the latest...   Join Now

As you might have already heard in the media, a quite severe security problem in Apache log4j is ripping its way through the world - filed as CVE-2021-44228.

IPFire itself, nor our infrastructure, is or was at any time vulnerable to this problem since we are not using any Java software in either of them.

Mitigation with the IPFire Intrusion Prevention System

In fact, you can use IPFire to prevent that it causes any larger damage in your network by enabling the Intrusion Prevention System and enabling the "exploit" ruleset if you are using the Emerging Threats Community ruleset. IPFire will then examine any plaintext data transfer and mitigate the attack:

Emerging Threats Rules