Our web application firewall already detects the known exploit patterns for this vulnerability in any GET or POST parameter (CRS rule 932130). However, until now that rule did not inspect HTTP headers such as User-Agent and Referer.
To mitigate attacks against this vulnerability, we
- added the User-Agent and Referer headers to the targets of CRS rule 932130
- added another, targeted rule against the use of jndi strings
Even though the web application firewall protects your applications from this issue unless it has been manually disabled, make sure to take the required steps to mitigate the problem at its source, as outlined by Log4j here.
Reference #1093