A critical zero-day remote code execution (RCE) vulnerability was discovered on Dec. 9, 2021.
It is due to a bug in the ubiquitous Log4j library (CVE-2021-44228) that can allow an attacker to execute arbitrary code on any system that uses the Log4j library. The popular web server Apache, among other applications using Log4j 2, is affected by this vulnerability.
We recommend reviewing the following articles for more details:
- https://unit42.paloaltonetworks.com/apache-log4j-vulnerability-cve-2021-44228/
- https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228-log4shell
- https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/
- https://nvd.nist.gov/vuln/detail/CVE-2021-44228
What happened?
Essentially, this is a critical zero-day remote code execution (RCE) vulnerability in Apache Log4j 2. Because the exploit is relatively simple to execute and a vast number of systems are potentially vulnerable to it, it is being considered one of the most severe and critical vulnerabilities discovered to date. Regardless of the application or server environment, any system that uses this library is vulnerable to malicious payloads.
When?
It was discovered and identified on Dec. 9, 2021. Shortly after its discovery, public proof-of-concept (PoC) code was released, and later investigations revealed that the exploitation was very easy to perform.
Apache Proof of Concept
Affected Version(s)
Apache Log4j 2.x <= 2.15.0-rc1
Affected Software
A large number of Java-based applications use Log4j as their logging utility, which makes them vulnerable to this CVE. Here is a partial list of the software that may be impacted (it is not a complete list, but covers the most common packages, to the best of our knowledge):
- Apache Struts
- Apache Solr
- Apache Druid
- Apache Flink
- ElasticSearch
- Flume
- Apache Dubbo
- Logstash
- Kafka
- Spring-Boot-starter-log4j2
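An added example (not from the original article or from Apache): a Python inventory check that walks a directory tree, looks inside JAR/WAR/EAR archives, and flags any bundled log4j-core whose file name falls in the affected range stated above (2.x <= 2.15.0-rc1). It assumes jars keep their release file names; `is_affected` and `scan` are names chosen for this example.

```python
import io
import re
import zipfile
from pathlib import Path

# log4j-core-<version>.jar, e.g. log4j-core-2.14.1.jar or log4j-core-2.15.0-rc1.jar
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?(?:-(alpha|beta|rc)(\d+))?\.jar$", re.I)
STAGE = {"alpha": 0, "beta": 1, "rc": 2, None: 3}  # pre-releases sort before the final release
LAST_AFFECTED = (2, 15, 0, STAGE["rc"], 1)         # 2.15.0-rc1, the bound given in the article
ARCHIVES = (".jar", ".war", ".ear")

def is_affected(file_name):
    """True/False for a log4j-core jar name; None if the name is something else."""
    m = JAR_RE.search(file_name)
    if not m:
        return None
    major, minor, patch, stage, n = m.groups()
    key = (int(major), int(minor), int(patch or 0),
           STAGE[stage.lower() if stage else None], int(n or 0))
    return key[0] == 2 and key <= LAST_AFFECTED

def _record(name, location, findings):
    verdict = is_affected(name.rsplit("/", 1)[-1])  # judge the base name only
    if verdict is not None:
        findings.append((location, verdict))

def _scan_archive(source, location, findings, depth=0):
    """Walk a jar/war/ear, descending into nested archives (fat jars)."""
    try:
        with zipfile.ZipFile(source) as zf:
            for entry in zf.namelist():
                _record(entry, f"{location}!/{entry}", findings)
                if entry.lower().endswith(ARCHIVES) and depth < 3:
                    _scan_archive(io.BytesIO(zf.read(entry)),
                                  f"{location}!/{entry}", findings, depth + 1)
    except (zipfile.BadZipFile, OSError):
        pass  # unreadable or not really a zip archive: skip it

def scan(root):
    """Return [(location, affected)] for every log4j-core jar found under root."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file():
            _record(path.name, str(path), findings)
            if path.suffix.lower() in ARCHIVES:
                _scan_archive(path, str(path), findings)
    return findings
```

Run `scan()` on an application or deployment directory and review the entries flagged `True`. Builds that copy Log4j classes into another jar without keeping the original file name are not detected by this check.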
How does this affect GlowFrog Hosting?
GlowFrog does not utilize any of these packages, so our users are safe from this exploit.
The only business clients of ours that may have been affected by this vulnerability are our Dedicated and Enterprise clients. For them, security patches have already been applied and mitigating actions have already been taken where applicable.