skip to Main Content
+1-888-345-6656 (MOJO) Open A Support Ticket Register     Log in
Log4J Vulnerability And MojoHost

The recently discovered vulnerabilities in the widely used log4j library has caused a massive effort to upgrade affected software across the web. At MojoHost, we have already taken stock of how this affects our own services and our customers. Thankfully, the vast majority of MojoHost customers were never affected by this vulnerability. A small number of MojoHost customers were using software affected by this vulnerability, which we have already proceeded to patch.

Many news sources have falsely indicated that this is a vulnerability with “Apache”. That is incorrect. Log4j is a small logging library, and although it is released by the Apache Foundation, the flagship “Apache” web server, used on many MojoHost servers, was never affected by this vulnerability.

For our customers who are fully self managed, we encourage you to check and see if any susceptible software is in use. The most common software we see among our users which may require patching is Wowza, ElasticSearch and Tomcat. In general, if your application makes use of the Java programming language, it might be susceptible to this vulnerability. If it uses other languages it is not susceptible.

We take security very seriously at MojoHost. We regularly assess emerging security threats and proactively apply fixes to severe vulnerabilities. Our job as a managed hosting provider is to ensure the safety of our customers and their data. If you have any questions about the security of your systems, don’t hesitate to reach out to us, we’re always here to help and answer questions.

 

Additional Resources

United States Cybersecurity & Infrastructure Security Agency

Apache Foundation List of Affected Products

Original Discover from LunaSec

Back To Top