A Zero Day, Critical Vulnerability and Exploit, termed as a remote code execution (RCE) vulnerability was discovered on Dec. 9, 2021.
This is due to a bug in the ubiquitous Log4j library (CVE-2021-44228) which can allow an attacker to execute arbitrary code on any system that uses the Log4j library. The popular web server, Apache, among other Applications using the Log4j 2 is affected by this vulnerability.
We recommend reviewing the following articles for more details:
Essentially, this is a Zero Day, Critical Vulnerability and Exploit, termed as a remote code execution (RCE) vulnerability in Apache log4j 2. Due to the relatively simple means of executing this exploit and the vast number of systems that are potentially vulnerable to this attack, it is being considered one of the most severe and critical vulnerabilities discovered to date. Regardless of the application or server environment, any system which uses this library is vulnerable to malicious payloads.
It was discovered and identified on Dec. 9, 2021. Shortly after it’s discovery, a Public proof of concept (PoC) code was released and later investigations revealed that the exploitation was very easy to perform.
Apache Proof of Concept
Apache Log4j 2.x <= 2.15.0-rc1
There are a large number of Java-based applications which are using log4j as their logging utility. This makes them vulnerable to this CVE. Here is a partial list of the software that may be impacted (this is not a complete list, but the most common, to the best of our knowledge):
- Apache Struts
- Apache Solr
- Apache Druid
- Apache Flink
- Apache Dubbo
How does this affect GlowFrog Hosting?
GlowFrog does not utilize any of these packages, so our users are safe from this exploit.
Among the only business clients of ours that may have been affected by this Vulnerability, are our Dedicated and Enterprise clients, in which case, security patches have already been applied and mitigative actions have already been taken where applicable.
Not a current GlowFrog customer? Sign up for one of our Managed WordPress plans and enjoy a free, fast migration within 24 hours.