Critical vulnerability in Apache Log4j library

15 Dec 2021

Critical vulnerability in Apache Log4j library

Dear client, you may have noticed a number of articles recently mentioning that researchers have discovered a vulnerability in Apache Log4j library and as a result have concerns regarding hosting which we provide. Specific details on the vulnerability can be found here: https://tinyurl.com/y3hhyjs9

The reason for this vulnerability being such a grave concern is two-fold:

  1. It is used by many large software companies and online services; and
  2. A successful execution using this vulnerability can lead to the attacker gaining full control of the system.

Very small number of systems we manage which could be affected

Although we do not commonly use Java (the specific software this relates to) on our applications or management systems, after being alerted to this vulnerability, we carried out a targeted vulnerability scan of our hosting infrastructure and found a very small number of systems we manage which could be affected by this (less than 1% of the more than 2000 websites we provide hosting for).

For those which could be affected, patching to latest software versions to remediate was completed on Monday 13th December and at this stage, have no further cause for concern.

We will continue to monitor related developments regarding this exploit and keep a close eye on vendor announcements to ensure the security of our systems.

Give us a quick overview and some contact details and we’ll provide a free work quote.