{"id":6963,"date":"2021-12-23T13:54:15","date_gmt":"2021-12-23T04:54:15","guid":{"rendered":"https:\/\/chat-messenger.com\/?p=6963"},"modified":"2022-02-17T03:33:58","modified_gmt":"2022-02-16T18:33:58","slug":"apache-log4j-cve-2021-44228","status":"publish","type":"post","link":"https:\/\/chat-messenger.com\/en\/info\/apache-log4j-cve-2021-44228","title":{"rendered":"Apache Log4j Vulnerability Response"},"content":{"rendered":"<h2>Apache Log4j Vulnerability Overview<\/h2>\n<p>Vulnerability in Apache Log4j (<a href=\"https:\/\/www.ipa.go.jp\/security\/ciadr\/vul\/alert20211213.html\" rel=\"noopener\" target=\"_blank\">CVE-2021-44228<\/a>) has been released. It is estimated that 1\/3 of the world's servers will be affected (from WBS, 12\/15).<\/p>\n<p>In a system that outputs user input values and information to logs, there is a possibility of remote code execution if a malicious external user attacks the system.<\/p>\n<div class=\"point\">\nUpdate:12\/23 <br \/>\nAlthough we have taken countermeasures since 12\/15, there are still reports from the IPA and others that additional measures are needed. We are working on the latest Log4j update and removing the root cause, the JndiLookup class, from the classpath.\n<\/div>\n<h2>Our products affected and our response<\/h2>\n<h4>Chat&amp;Messenger desktop, web app, mobile app<\/h4>\n<p>No impact (no use of the library, including past versions)<\/p>\n<h4>On-premise CAMserver<\/h4>\n<p><mark>On-premise CAMserver with <a href=\"https:\/\/chat-messenger.com\/en\/manual\/camserver\/how_to_install_camserver\/#enterprise_video_server\" rel=\"noopener\" target=\"_blank\">Start video server<\/a>The case is applicable if you are a member of a group of companies that are<\/mark><\/p>\n<p>There was a dependency of the library on the video server for web conferencing, but the process of outputting user information to the log is not applicable. We have notified the system administrator and will support the upgrade of the system.<\/p>\n<h4>Chat&amp;Messenger Cloud Server<\/h4>\n<p>There was a dependency on the corresponding library on our cloud web conferencing video server, but the process of outputting user information to the log is not applicable.<br \/>\nUpdates have been reflected on the video server on 12\/14.<\/p>","protected":false},"excerpt":{"rendered":"<p>Apache Log4j vulnerability summary Apache Log4j vulnerability (CVE-2021-44228) has been publicly disclosed [\u2026]<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"swell_btn_cv_data":""},"categories":[5],"tags":[],"_links":{"self":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/6963"}],"collection":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/comments?post=6963"}],"version-history":[{"count":22,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/6963\/revisions"}],"predecessor-version":[{"id":7104,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/posts\/6963\/revisions\/7104"}],"wp:attachment":[{"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/media?parent=6963"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/categories?post=6963"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/chat-messenger.com\/en\/wp-json\/wp\/v2\/tags?post=6963"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}