Log4Shell (CVE-2021-44228), a Log4j2 RCE vulnerability, has dominated the news cycle in the world of information security and beyond. Elastic released an advisory detailing how Elastic products and users are impacted, and a blog post describing how our users can leverage Elastic Security to help defend their networks. Join this meetup to get a technical deep dive on the vulnerability. We'll explore the ins and outs of what it does, what an exploited Java application looks like via the Elastic Observability suite, and how to investigate and contain using Elastic Security. Log4Shell (CVE-2021-44228), a Log4j2 RCE vulnerability, impact on Elasticsearch, Logstash, and APM Java Agent. Covering the impact on versions 7.x, 6.x, and 5.x, fix in 7.16.1 / 6.8.21, and mitigations for older versions. Q&A for any open questions you have.
Log4Shell — Detection with the Elastic Search Platform (James Spiteri)
Log4Shell — Impact on Elasticsearch, Logstash, APM Java Agent (Ry Biesemeyer, Alex Reelsen, Philipp Krenn)
