Hyrax and the log4j vulnerabilities
7 views
Skip to first unread message
Alex Kerney
Dec 15, 2021, 12:32:53 PM12/15/21
to sup...@opendap.org
Hi, is Hyrax is susceptible to the log4j remote code execution, information disclosure, and denial of service vulnerabilities that have surfaced in the last week?
While it seems like the most recent issues are with version 2 (<2.16), there are related attacks happening against version 1.
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/ is best resource that I’ve found with up to date information about these vulnerabilities, and links to many other resources.
Thanks,
-Alex Kerney
Gulf of Maine Research Institute
While it seems like the most recent issues are with version 2 (<2.16), there are related attacks happening against version 1.
https://www.techsolvency.com/story-so-far/cve-2021-44228-log4j-log4shell/ is best resource that I’ve found with up to date information about these vulnerabilities, and links to many other resources.
Thanks,
-Alex Kerney
Gulf of Maine Research Institute
James Gallagher
Dec 15, 2021, 5:03:49 PM12/15/21
to Alex Kerney, Gallagher James, sup...@opendap.org
Alex,
Hyrax does not use Log4j, so the vulnerability is not a factor for the server.
Thanks,
James
Reply all
Reply to author
Forward
0 new messages