{"id":10775,"date":"2021-12-14T06:26:33","date_gmt":"2021-12-14T14:26:33","guid":{"rendered":"https:\/\/www.coretechnologies.com\/blog\/?p=10775"},"modified":"2022-02-21T13:36:14","modified_gmt":"2022-02-21T21:36:14","slug":"apache-log4j-vulnerability","status":"publish","type":"post","link":"https:\/\/www.coretechnologies.com\/blog\/support\/apache-log4j-vulnerability\/","title":{"rendered":"We&#8217;re Not Affected by the December 2021 Apache Log4j Vulnerability"},"content":{"rendered":"<div align=\"center\"><img loading=\"lazy\" decoding=\"async\" class=\"no-lazy-load\" src=\"\/blog\/images\/apache-log4j-vulnerability.webp\" style=\"margin-bottom:20px;\" title=\"We're Not Affected by the Apache Log4j Vulnerability\" alt=\"We're Not Affected by the Apache Log4j Vulnerability\" border=\"0\" width=\"380\" height=\"160\"><\/div>\n<p>In early December 2021, a severe <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_blank\" rel=\"noopener\">remote code vulnerability<\/a> was revealed in <a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/\" target=\"_blank\" rel=\"noopener\">Apache Log4j<\/a> &mdash; a very popular Java-based logging framework used by developers of web and server applications.<\/p>\n<p>The vulnerability affects a broad range of services and applications on servers, making it extremely dangerous &mdash; and the latest updates for those server applications urgent! In fact, malicious actors are <a href=\"https:\/\/www.zdnet.com\/article\/log4j-flaw-attackers-are-making-thousands-of-attempts-to-exploit-this-severe-vulnerability\/\" target=\"_blank\" rel=\"noopener\">already hard at work exploiting the flaw<\/a>.<\/p>\n<p>We&#8217;re taking this issue very seriously at Core Technologies Consulting. A thorough analysis of our systems has concluded that:<\/p>\n<ul>\n<li>\n<p><b>None of our Windows software uses Apache Log4j.<\/b><\/p>\n<p>\n<a href=\"\/products\/AlwaysUp\">AlwaysUp<\/a>, <a href=\"\/products\/ServiceProtector\">Service Protector<\/a> and our free utilities are not exposed.\n<\/p>\n<\/li>\n<li>\n<p><b>Log4j2 <= 2.14.1 is not used by any software in our infrastructure.<\/b><\/p>\n<p>\nOur back end components use other logging frameworks (e.g. <a href=\"https:\/\/github.com\/Seldaek\/monolog\" target=\"_blank\" rel=\"noopener\">Monolog<\/a>) to capture important messages from the server software.\n<\/p>\n<\/li>\n<li>\n<p><b>All back end security patches have been applied.<\/b><\/p>\n<p>\nOur Linux application servers are configured to automatically deploy security patches as they become available.\n<\/p>\n<\/li>\n<\/ul>\n<p>We&#8217;ll continue to monitor the situation as it evolves.<\/p>\n<p>Please be sure to <a href=\"\/support\">reach out to our support team<\/a> if you have any questions or would like additional information.<\/p>\n<p>Stay safe!<\/p>\n<!-- relpost-thumb-wrapper --><div class=\"relpost-thumb-wrapper\"><!-- filter-class --><div class=\"relpost-thumb-container\"><style>.relpost-block-single-image, .relpost-post-image { margin-bottom: 10px; }<\/style><h3>You may also like...<\/h3><div style=\"clear: both\"><\/div><div style=\"clear: both\"><\/div><!-- relpost-block-container --><div class=\"relpost-block-container relpost-block-column-layout\" style=\"--relposth-columns: 3;--relposth-columns_t: 2; --relposth-columns_m: 2\"><a href=\"https:\/\/www.coretechnologies.com\/blog\/alwaysup\/vs-custom-windows-service\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Why Should I Buy AlwaysUp Instead of Writing My Own Windows Service?\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/build-vs-buy-150x150.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Why Should I Buy AlwaysUp Instead of Writing My Own Windows Service?<\/h2><\/div><\/div><\/a><a href=\"https:\/\/www.coretechnologies.com\/blog\/windows\/windows-server-2022\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Windows Server 2022: A Few Improvements, but No Changes to Windows Services\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/windows-server-2022-standard-150x150-1.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Windows Server 2022: A Few Improvements, but No Changes to Windows Services<\/h2><\/div><\/div><\/a><a href=\"https:\/\/www.coretechnologies.com\/blog\/service-protector\/version-8-released\/\"class=\"relpost-block-single\" ><div class=\"relpost-custom-block-single\"><img decoding=\"async\" loading=\"lazy\" class=\"relpost-block-single-image\" alt=\"Service Protector 8 Maximizes Service Uptime with Advanced Sanity Checks\"  src=\"https:\/\/www.coretechnologies.com\/blog\/wp-content\/uploads\/whats-new-3-150x150-1.png\" style=\"aspect-ratio:1\/1\" style=\"aspect-ratio:1\/1\"><\/img><div class=\"relpost-block-single-text\"  style=\"height: 75px;font-family: Arial;  font-size: 12px;  color: #333333;\"><h2 class=\"relpost_card_title\">Service Protector 8 Maximizes Service Uptime with Advanced Sanity Checks<\/h2><\/div><\/div><\/a><\/div><!-- close relpost-block-container --><div style=\"clear: both\"><\/div><\/div><!-- close filter class --><\/div><!-- close relpost-thumb-wrapper -->","protected":false},"excerpt":{"rendered":"<p>In early December 2021, a severe remote code vulnerability was revealed in Apache Log4j &mdash; a very popular Java-based logging framework used by developers of web and server applications. The vulnerability affects a broad range of services and applications on &hellip; <a href=\"https:\/\/www.coretechnologies.com\/blog\/support\/apache-log4j-vulnerability\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":10777,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[26,269,143,147,270,161],"class_list":["post-10775","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-support","tag-alwaysup-tag","tag-log4j","tag-security","tag-service-protector-tag","tag-software-vulnerability","tag-product-support"],"_links":{"self":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/10775","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/comments?post=10775"}],"version-history":[{"count":8,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/10775\/revisions"}],"predecessor-version":[{"id":10926,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/posts\/10775\/revisions\/10926"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/media\/10777"}],"wp:attachment":[{"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/media?parent=10775"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/categories?post=10775"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.coretechnologies.com\/blog\/wp-json\/wp\/v2\/tags?post=10775"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}