Important information about security vulnerability Log4J2
Sunday, December 5, 2021
Dear Customer,Today we would like to inform you about an important security vulnerability that could affect almost every application installed on your server.As you have probably already learned from the press or from the Federal Office for Information Security (BSI in Germany), an extremely critical security hole was found in the Java library Log4J2.With the help of a simple command, any code can be executed on systems at any time through this critical security hole in the Log4J2 Java library. Log4j is one of the standard loggers for software that was developed with the Java programming language and is therefore very widespread. This security gap has been classified as extremely critical and easy to use for cyber criminals.It can be assumed that criminal hackers are already actively exploiting this security gap and compromising systems in advance. Because of this security issue, additional malware can be downloaded over the course of days, weeks or months and, in the worst case, take entire networks offline.As you can see from the German report at https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnern/DE/2021/2021-549032-10F2.pdf?__blob=publicationFile&v=3, some product manufacturers have already publicly announced that their products and some updates have already been published. Among the affected manufacturers are VMWare, Apache, UniFi, Atlassian and others.This list of affected manufacturers is not exhaustive and is continuously updated. You can find an initial overview at https://github.com/NCSC-NL/log4shell/tree/main/software.Since we, as a server provider, are interested in protecting your data and server systems, we would like to use this notification to sensitize you to check your system for mentioned weak points. You are the responsible administrator and we can only recommend that you check your system for the installed application and update it promptly if the manufacturer has a security patch.
All Managed servers of hostseo already got Log4j2 patch applied. If your server is unmanaged you may process the update accordingly or, contact with us to perform the update.We hope that could help you with the information provided.Kind regardsHostseo Team