Update: Apache Log4J Vulnerability

By: Charles Kraus, Senior Product Marketing Manager

December 13, 2021

Limelight Networks has been actively tracking the newly discovered Apache Log4J vulnerability for which security researchers have found active exploitation taking place across the Internet. For reference, known details of the vulnerability can be found here:

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

The vulnerable component, Log4J, is quite common on systems that run Java applications. This high-severity vulnerability is actively being exploited across the Internet, allowing an attacker to perform remote code execution on the victim's systems.

Immediately following notice of the newly discovered vulnerability on December 9, Limelight's information security team and technical leadership kicked off a high-priority investigation to determine its impact within our environment, if any. Limelight does not use Java within the critical path of its delivery network, and we have not discovered any exploitation during our investigation. We have included our findings by product line at the bottom of this document.

Limelight will continue its work to ensure that the Log4J vulnerability is impacting neither our environment nor our customers. Limelight also continues to work with its vendors to ensure that appropriate responsive measures are being taken on their end.

Given the severity of the vulnerability and the broad use of Log4J throughout the Internet, Limelight highly recommends that our customers perform similar actions to ensure their environment is safe from such attacks. Everyone should update vulnerable systems to the latest version of Log4J as soon as possible, or implement configuration changes to reduce the risk of exploitation until patching can occur. Additionally, make sure to check with all your vendor partners to understand their exposure to this risk and the actions they are taking in response.

If you have further questions about our response to this threat, or to discuss how to best protect yourself, please do not hesitate to contact us.

Limelight Networks Product-Specific Critical Path Exposure

EdgePrism: No Log4j exposure

Storage: No Log4j exposure

EdgeFunctions: No Log4j exposure

RTS: No Log4j exposure

Layer0/AppOps: No Log4j exposure

MMD: Uses non-vulnerable version of Log4j