Web24 incident

Log4Shell: RCE 0-day exploit - CVE-2021-44228

Notice Resolved View vendor source →

Web24 experienced a notice incident on December 13, 2021, lasting 10d 21h. The incident has been resolved; the full update timeline is below.

Started
Dec 13, 2021, 01:58 AM UTC
Resolved
Dec 23, 2021, 11:57 PM UTC
Duration
10d 21h
Detected by Pingoru
Dec 13, 2021, 01:58 AM UTC

Update timeline

  1. identified Dec 13, 2021, 01:58 AM UTC

    We are investigating the impact of the reported Java Log4j Remote Code Execution Vulnerability (CVE-2021-44228) on our managed clients and infastructure. Packages have already been automatically updated with the upstream patches when available from vendors. When updates are not available from upstream vendors, we are investigating the next best course of action to ensure all systems and services remain secure.

  2. monitoring Dec 17, 2021, 12:32 AM UTC

    We have reviewed all shared hosting and client managed services for the Java Log4j Remote Code Execution Vulnerability (CVE-2021-44228). We have applied upstream patches to fix this issue where applicable. We are continuing to monitoring all shared and managed services in the usual manner.

  3. resolved Dec 23, 2021, 11:57 PM UTC

    This incident has been resolved.