Ensure Application Gateway WAF prevents message lookup in Log4j2
Error: Application Gateway WAF allows message lookup in Log4j2
Bridgecrew Policy ID: BC_AZR_NETWORKING_47
Checkov Check ID: CKV_AZURE_135
Severity: MEDIUM
Application Gateway WAF allows message lookup in Log4j2
Description
Using a vulnerable version of the Apache Log4j 2 library lets an attacker abuse its message lookup mechanism: a crafted string such as a JNDI lookup placed in any value the application logs is resolved by the logger itself, which can lead to remote code execution, data leakage and more.
Configure the Application Gateway WAF policy with the OWASP Core Rule Set version 3.1 or later, as in the rule definition below, so that such payloads are blocked at the gateway. Two caveats a practitioner should check in addition: the policy only protects a gateway it is attached to (firewall_policy_id on azurerm_application_gateway), and it only blocks when the policy runs in Prevention mode rather than Detection mode.
Learn more about CVE-2021-44228
Fix - Buildtime
Terraform
- Resource: azurerm_web_application_firewall_policy

resource "azurerm_web_application_firewall_policy" "example" {
  location            = "germanywestcentral"
  name                = "example"
  resource_group_name = "example"

  managed_rules {
    # OWASP CRS 3.1 or later carries the Log4j2 lookup detection; 3.0 and 2.2.9 do not.
    managed_rule_set {
      type    = "OWASP"
      version = "3.1"
    }
  }

  # Defaults to Prevention mode; keep it there so matches are blocked, not just logged.
  policy_settings {}
}
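The check behind this policy can be reproduced offline against your own Terraform data. The following Python audit is an added example, not Checkov's or Bridgecrew's code: it models a WAF policy as a dict with the same shape as the azurerm_web_application_firewall_policy resource above (managed_rules, managed_rule_set, rule_group_override) and explains why each policy passes or fails. It goes slightly beyond the page in one respect, which is an assumption taken from Microsoft's Log4j guidance rather than from this page: a rule_group_override that disables rule 944240 (Remote Command Execution: Java serialization, in the REQUEST-944-APPLICATION-ATTACK-JAVA group) is treated as a failure even on CRS 3.1/3.2, because that override removes the very signature the version bump provides. The sample policies are constructed for the example.

```python
"""Audit Application Gateway WAF policies for the Log4j2 lookup mitigation.

Added example; not Checkov's or Bridgecrew's own implementation. Policies are
plain dicts shaped like the azurerm_web_application_firewall_policy resource.
"""
from typing import Dict, List, Set, Tuple

# OWASP CRS versions on Application Gateway whose rule set detects the
# Log4j2 lookup payloads (CVE-2021-44228).
COMPLIANT_OWASP_VERSIONS = {"3.1", "3.2"}

# Assumption (from Microsoft's Log4j guidance, not from the policy page):
# rule 944240 is the Java RCE signature the mitigation relies on, so an
# override that disables it defeats the version requirement.
LOG4J_RULE_ID = "944240"


def disabled_rules(rule_set: dict) -> Set[str]:
    """Collect rule IDs disabled through rule_group_override blocks.

    Handles both the older `disabled_rules = [...]` list and the newer
    `rule { id = ... enabled = false }` blocks of the azurerm provider.
    """
    disabled: Set[str] = set()
    for override in rule_set.get("rule_group_override", []):
        disabled.update(str(r) for r in override.get("disabled_rules", []))
        for rule in override.get("rule", []):
            if not rule.get("enabled", True):
                disabled.add(str(rule.get("id", "")))
    return disabled


def audit_waf_policy(policy: dict) -> Tuple[bool, str]:
    """Return (compliant, reason) for a single WAF policy dict."""
    rule_sets: List[dict] = policy.get("managed_rules", {}).get("managed_rule_set", [])
    if not rule_sets:
        return False, "no managed_rule_set configured"
    for rs in rule_sets:
        # `type` is optional in Terraform and defaults to OWASP.
        if rs.get("type", "OWASP") != "OWASP":
            continue
        version = str(rs.get("version", ""))
        if version not in COMPLIANT_OWASP_VERSIONS:
            return False, f"OWASP CRS {version!r} lacks the Log4j2 detection; use 3.1 or 3.2"
        if LOG4J_RULE_ID in disabled_rules(rs):
            return False, f"rule {LOG4J_RULE_ID} is disabled by a rule_group_override"
        return True, f"OWASP CRS {version} with rule {LOG4J_RULE_ID} enabled"
    return False, "no OWASP managed rule set configured"


def audit_all(policies: Dict[str, dict]) -> Dict[str, Tuple[bool, str]]:
    """Audit a name -> policy mapping and return a name -> (ok, reason) mapping."""
    return {name: audit_waf_policy(p) for name, p in policies.items()}


# Constructed sample policies for the example; not taken from a real environment.
SAMPLE_POLICIES: Dict[str, dict] = {
    "legacy_crs": {
        "managed_rules": {"managed_rule_set": [{"type": "OWASP", "version": "3.0"}]},
    },
    "override_disables_rule": {
        "managed_rules": {"managed_rule_set": [{
            "type": "OWASP",
            "version": "3.2",
            "rule_group_override": [{
                "rule_group_name": "REQUEST-944-APPLICATION-ATTACK-JAVA",
                "rule": [{"id": "944240", "enabled": False}],
            }],
        }]},
    },
    "compliant": {
        "managed_rules": {"managed_rule_set": [{"type": "OWASP", "version": "3.2"}]},
    },
}


if __name__ == "__main__":
    for name, (ok, reason) in audit_all(SAMPLE_POLICIES).items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: {reason}")
```

Feed it the output of `terraform show -json` (the `values` of each azurerm_web_application_firewall_policy resource has the same keys) to audit a whole state file; the reason strings are what you would surface in a CI failure message.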