Saturday, May 21st, 2022

Log4Shell/Log4J Vulnerability – What You Need to Know – Pagely

As you may have heard, a major security vulnerability called Log4Shell is circulating right now. If not, let’s get you up to speed.

Log4Shell is a critical software vulnerability that is spreading across millions of platforms. By exploiting a security flaw in Apache Log4J, an attacker is able to execute arbitrary code loaded from an LDAP server when message lookup substitution is enabled.

Although new software vulnerabilities are discovered every day, what sets Log4Shell apart is the widespread adoption of Log4J, combined with its high severity and the difficulty of identifying vulnerable systems.

TL;DR: It’s a big deal.

How is Pagely affected?

An important part of Pagely’s security posture is ensuring that all of our systems are well documented, which makes it fairly easy to determine if anything in our stack is vulnerable. Thanks to strict documentation practices as well as additional security hardening and penetration testing, we believe Pagely customers are not affected by the Log4Shell/Log4J vulnerability.

Additional resources

We recommend that you stay informed about this vulnerability, as there is a reasonable possibility that other services you use are vulnerable. For more information, see the detailed list of software affected by the Log4Shell exploit.

For more information on how the vulnerability can be exploited, see also CVE-2021-44228.

As always, if we become aware of any additional concerns arising from this vulnerability, we will provide further updates as necessary.
