log4j zero day exploit. CVE-2021-44228

boley · December 2021

Can you let us know if Security Spy is vulnerable to this?

Ben · December 2021

SecuritySpy is not at all vulnerable to this. This is an exploit in the Apache web server, and SecuritySpy does not use Apache.

boley · December 2021

Thanks for the quick response. Makes me look good to my clients. 😀

caseyd · December 2021

um. it's an exploit in the Log4J package. As a java enterprise developer I've used it all over the place, from silent back end processing to multimedia apps.

Ben · December 2021

Thanks for the correction @caseyd, you are indeed correct. For the avoidance of any doubt, SecuritySpy does not use Log4J at all, so is not subject to any vulnerability in this library.

log4j zero day exploit. CVE-2021-44228

Comments

Categories