Dec 21 2021

Apache’s other product: Critical bugs in ‘httpd’ web server, patch now!

Category: Web Security | DISC @ 11:37 am

Pick a random person, and ask them these two questions:

Q1. Have you heard of Apache?
Q2. If so, can you name an Apache product?

We’re willing to wager that you will get one of two replies:

A1. No. A2. (Not applicable.)
A1. Yes. A2. Log4j.

Two weeks ago, however, we’d suggest that very few people had heard of Log4j, and even amongst those cognoscenti, few would have been particularly interested in it.

Until a cluster of potentially catastrophic bugs – originally implemented as features, on the grounds that less is never more – were revealed under the bug-brand Log4Shell, the Log4j programming library was merely one of those many components that got sucked into and used by thousands, perhaps even hundreds of thousands, of Java applications and utilities.

Log4j was just “part of the supply chain” that came bundled into more back-end servers and cloud-based services than anyone actually realised until now.

Many sysadmins, IT staff and cybersecurity teams have spent the past two weeks eradicating this programmatic plague from their demesnes. (Yes, that’s a real word. It’s pronounced domains, but the archaic spelling avoids implying a Windows network.)

Don’t forget “the other Apache”

Tags: Apache HTTP Server, Apache patch, critical bug