Security company offers Log4j ‘vaccine’ for systems that can’t be updated immediately

For those unable to patch the Apache Log4Shell vulnerability, cybersecurity firm Cybereason has released what it calls a “fix” for the 0-day exploit. Cybereason urged people to patch their systems as soon as possible, but for those who cannot update their systems, or cannot do so immediately, it has created a tool it is calling “Logout4shell.”

It is freely available on GitHub and Cybereason said it is a relatively simple fix that requires only basic Java skills to implement.

In short, the fix uses the vulnerability itself to set the flag that turns it off. Because the vulnerability is so easy to exploit and so ubiquitous, it’s one of the very few ways to close it in certain scenarios, said Yonatan Striem-Amit, CTO of Cybereason.

