Knowledgebase Article

CVE-2021-44228, a critical Log4j vulnerability

DefenseFlow | MSSP Portal | LinkProof | DefensePro | Alteon | Cloud Native Protector Service | AppDirector | AppWall | vDirect | Cloud DDoS Service | APSolute Vision | Cloud WAF Service



Description

Context
A critical vulnerability in the Log4j package, identified as CVE-2021-44228 with a CVSS severity of 10 (the highest score), has been publicly disclosed. The vulnerability may allow remote code execution in impacted products. See also the Apache note on this vulnerability here.

Radware Response

Radware is evaluating the impact of this vulnerability on its own products while at the same time providing protection in our cyber defense products and services, allowing customers to block malicious actors from exploiting this vulnerability.
Radware’s ERT researchers are continuing to research this vulnerability and its impact, and will update the guidance provided to customers when new information is available. Please make sure to check this advisory for ongoing updates.

Mitigation

Impact on Radware Products & Services

See the Product Impact article for a matrix of products and releases with impact analysis and suggested mitigation. This matrix covers both Radware’s products and services.

Mitigation & Protection Options

Radware’s web application security solutions, AppWall and Cloud WAF Services, detected and blocked Log4Shell exploit attacks sent through web application parameters and HTTP header fields from day one, classifying them as Server-Side Request Forgeries.
Radware’s researchers are developing signatures to be used to block these attacks. See the Signature Response article for SUS signatures and a way to create user-defined signatures to block this CVE.

Additional Threat Analysis

Radware published a threat alert that provides an analysis of this threat and guidance on how to stay protected. 
 

Summary of Resources

| Category | Radware Response | Notes |
|---|---|---|
| Product Exposure | Product Impact | Includes a matrix of products and releases with impact analysis and suggested mitigation. This matrix covers Radware products as well as services. |
| Blocking Signature Files | Signature Response | Includes references to SUS signatures and a way to create user-defined signatures to block this CVE. |
| Threat Alert | Radware Threat Alert | Provides detailed analysis of this threat and guidance on how to stay protected. |

Validity Alert

This is an ongoing event. Please check this advisory frequently for updates as they develop.