Release note v3.4.6

Release Notes

Pluribus One Web Application Security®

Pluribus One Web Application Security® is an on-premise solution for monitoring and protecting web services, designed to ensure the security of critical web applications.

Pluribus One Web Application Security® (WAS) includes:

  • Pluribus One WAS® CORE – a AI based core application that monitors and protects your infrastructure.
  • Pluribus One WAS® GUI – a Web Application Graphic User Interface.
  • Pluribus One WAS® TUI – a Text-based User Interface to setup and configure your installation.
  • Pluribus One WAS® CLI – a Command Line Interface to use our software directly from the OS terminal. 



WHAT'S NEW IN VERSION 3.4.6

December 17, 2021

  • In response to the attacks against the CVE-2021-44228 [1] and CVE-2021-45046 [2] vulnerabilities affecting the Log4J [3] library, we have introduced a dedicated detection module that allows you to readily identify attacks as Alert within the Pluribus One WAS® GUI and the Pluribus One WAS® TUI.
  • In response to the attacks against the CVE-2021-44228 [1] and CVE-2021-45046 [2] vulnerabilities affecting the Log4J [3] library, we have introduced a predefined rule set that allows customers with a solution to Web Application Firewall to intercept and block malicious traffic related to these vulnerabilities. The set of rules will be progressively updated by Pluribus One in the presence of evolutions of the attack.

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-44228

[2] https://nvd.nist.gov/vuln/detail/CVE-2021-45046

[3] https://logging.apache.org/log4j/2.x/security.htm

 

It is sufficient to update the Pluribus One WAS® installation package, using the update procedure made available by the package manager in use on the machine on which Pluribus One WAS® is installed to benefit from the updates.

 

WARNING: to perform the update, it will be necessary to install or replace the definition of the RPM Pluribus One repository.

 

The new definition of the repository can be downloaded from the following links:
RHEL 7https://update.pluribus-one.it/web-application-security/web-application-security-el7.repo
RHEL 8https://update.pluribus-one.it/web-application-security/web-application-security-el8.repo