Security notice: Log4j Vulnerability (CVE-2021-44228) Information
Dear VPCart Hosting Customers,
Log4j is a popular logging library for Java applications. It is used for high-performance aggregation of log data from an application. The vulnerability CVE-2021-44228 [MIT2021] in log4j in versions 2.0 to 2.14.1, which enables attackers to execute their own program code on the target system and thus compromise the server. This danger arises if log4j is used to log a character string controlled by the attacker, such as the HTTP user agent. This critical weak point may therefore have an impact on all Java applications accessible from the Internet that use log4j to log parts of the user requests.
We can confirm we are 100% secure from this vulnerability. Our servers are Windows and do not run Apache.
Read more about this at:
TrustGuard - PCI Security Scanner
