20i Domains

Log4j vulnerability

Discussion in 'Nominet General Information' started by Acorn Newsbot, Dec 14, 2021.

  1. Acorn Newsbot

    Acorn Newsbot Junior Member

    Joined:
    Jan 2006
    Posts:
    22,122
    Likes Received:
    37
    As widely reported, the Log4j critical vulnerability has gained much attention in the press.

    The Log4j vulnerability targets a widely used Java library developed and maintained by the Apache foundation and carries a CVSS rating of 10 out of 10 in terms of criticality.

    Since we became aware of this issue on the morning of Friday 10th December, Nominet’s response activities have been prioritised with all relevant teams focused on working to understand our level of exposure and associated risk.

    All internal systems have now been reviewed with patches and mitigations being deployed as they arise. We continue to work with third party suppliers to ensure vulnerabilities are addressed. While we remain on high alert, there is no evidence of compromise to systems or data.

    We would like to highlight public resources which we have found to be both concise and informative:


    The security of our products and services is a top priority and critical to our ongoing commitment of fostering trust and transparency for our customers. This is an evolving situation, and we will continue to take prompt action as necessary.

    The post Log4j vulnerability appeared first on Nominet.

    Continue reading...
     
  2. Domain Forum

    Acorn Domains Elite Member

    Joined:
    1999
    Messages:
    Many
    Likes Received:
    Lots
    articles.co.uk