ARIN’s Log4j Zero-day Bug Vulnerability Review Results [Archived]

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.

Posted: Wednesday, 15 December 2021

ARIN is aware of the zero-day bug located in Apache Log4j software. We have completed an audit of our codebase for public-facing services and found that ARIN is not vulnerable to this exploit. Our team is actively working with our third-part vendors to identify and resolve any potential issues with their tools and services, and we will be monitoring this situation closely going forward.

For additional information on the log4j vulnerability, please visit NIST’s National Vulnerability Database, located at https://nvd.nist.gov/vuln/detail/CVE-2021-44228.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)

OUT OF DATE?

Here in the Vault, information is published in its final form and then not changed or updated. As a result, some content, specifically links to other pages and other references, may be out-of-date or no longer available.