Overview of the issue

Log4J 2 has a Remote Code Execution (RCE) vulnerability that is easily exploited simply by getting it to log a message with specific content.
Since many systems log request data, e.g. to access logs, sending a request with a special message, e.g. in the User-Agent HTTP header, is enough to trigger it. This is extremely easy for an attacker, and it is vital that systems are updated immediately.

See more information at: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228

Examples of different payloads being used actively: https://blog.cloudflare.com/actual-cve-2021-44228-payloads-captured-in-the-wild/

How Ceptor can help

Fortunately, Ceptor does not use Log4J 2; it uses SLF4J/Logback (and Log4J v1.x if configured to do so), so it is not affected.

You can configure the gateway to detect and reject requests that attempt to exploit this vulnerability in applications behind Ceptor Gateway (see Ceptor Gateway).

Below is an example of 2 Gateway Locations that detect this and return a 400 Invalid Request HTTP response to the client if any HTTP header value, URL or Request Body contains the string “${jndi”.

...
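The check those locations perform, written out as an added Python sketch (this is not Ceptor configuration or Ceptor code): it looks for "${jndi" in the URL, every header value and the body. The function names, the percent-decoding and case-folding steps, and the sample requests are assumptions made for this example.

```python
from urllib.parse import unquote_plus

MARKER = "${jndi"  # the string the page's gateway locations look for


def normalise(text, max_decode_passes=2):
    """Percent-decode (up to two passes) and lower-case, so that
    %24%7Bjndi and ${JNDI are matched as well as the literal marker."""
    for _ in range(max_decode_passes):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()


def find_marker(url, headers, body=b""):
    """Return the request parts that contain the marker."""
    hits = []
    if MARKER in normalise(url):
        hits.append("url")
    for name, value in headers.items():
        if MARKER in normalise(value):
            hits.append("header:" + name)
    if isinstance(body, bytes):
        body = body.decode("utf-8", errors="replace")
    if MARKER in normalise(body or ""):
        hits.append("body")
    return hits


def gateway_status(url, headers, body=b""):
    """400 when any part carries the marker, None to pass the request on."""
    return 400 if find_marker(url, headers, body) else None


if __name__ == "__main__":
    # Constructed sample requests; PLACEHOLDER stands in for the lookup target.
    samples = [
        ("/index.html", {"User-Agent": "Mozilla/5.0 ${jndi:PLACEHOLDER}"}, b""),
        ("/search?q=%24%7BJNDI%3APLACEHOLDER%7D", {"User-Agent": "curl/8.0"}, b""),
        ("/api/user", {"Content-Type": "application/json"},
         b'{"name": "${jndi:PLACEHOLDER}"}'),
        ("/index.html", {"User-Agent": "Mozilla/5.0"}, b""),
    ]
    for url, headers, body in samples:
        print(gateway_status(url, headers, body), find_marker(url, headers, body))
```

A literal match like this only catches requests that spell the marker out, so it supplements updating the affected applications rather than replacing it.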