StreamShark Log4j2 Customer Advisory Regarding CVE-2021-44228

Summary:

We have reviewed all potentially impacted instances, and cannot reproduce nor find any evidence of successful exploitation of this vulnerability across any StreamShark system after a detailed review of application, system and audit logs. We have patched all hosts containing the vulnerable library with a corrected version on 10 Dec 2021 (PM PST)

Timeline:

10 Dec 2021 (AM PST) CVE-2021-44228 published
10 Dec 2021 (PM PST) CVE library patched by StreamShark on all hosts containing vulnerable library
11 Dec 2021 (PM PST) Additional configuration changes on JVM made to further harden settings vs other potential vulnerability vectors

Dear Customers,

On 10 Dec 2021 (AM PST) StreamShark became aware of CVE-2021-44228 relating to potential vulnerabilities in the use of a common Java logging framework, Apache Log4j2. The impacted versions were between 2.10 =< 2.14.1

Across StreamShark’s own Java-based code, products and endpoints we have standardised on a different logging framework – Log4j2 is not used.

We also performed a detailed review across all other 3rd party libraries and services which are leveraged in the hosting and delivery of StreamShark services across our Event and Scheduler capabilities.

A 3rd-party software engine was identified as having a potentially vulnerable version of Log4j2 on a subset of our Live Event and Live Schedule ingests. These systems were immediately patched on the same day – 10 Dec 2021 (PM PST) with a corrected version of the library.

We have consulted with the vendor of the 3rd party software engine, who reviewed the details of this CVE in the context of their software to identify if there is a threat, and have not confirmed any active threat.

We independently performed our own reconnaissance of the 3rd party software engine and could not successfully replicate the attack vector or achieve success in exploiting this vulnerability on a host unpatched for this CVE. Regardless, as noted, we have patched all hosts containing impacted library on 10 Dec 2021 (AM PST). We also identified further configuration changes to harden against other theoretical but uncommon vulnerability vectors which were deployed on 11 Dec 2021 (PM PST)

We continue to closely monitor the situation at hand as any new information comes to light. If further action is required, we will note it here.

Kind regards,

StreamShark Team

Cookie	Duration	Description
__cfruid	session	Cloudflare sets this cookie to identify trusted web traffic.
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
JSESSIONID	session	New Relic uses this cookie to store a session identifier so that New Relic can monitor session counts for an application.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	session	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
client_token	never	Description is currently not available.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
messagesUtk	5 months 27 days	HubSpot sets this cookie to recognize visitors who chat via the chatflows tool.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_*	1 year 1 month 4 days	Google Analytics sets this cookie to store and count page views.
_gat_gtag_UA_24477138_4	1 minute	Set by Google to distinguish users.
_gat_UA-*	1 minute	Google Analytics sets this cookie for user behaviour tracking.
_gat_UA-24477138-6	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow website owners to track visitor behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
hubspotutk	session	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.
km_ai	5 years	No description available.
ln_or	1 day	Linkedin sets this cookie to registers statistical data on users' behaviour on the website for internal analytics.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
li_sugr	3 months	LinkedIn sets this cookie to collect user behaviour data to optimise the website and make advertisements on the website more relevant.
NID	6 months	Google sets the cookie for advertising purposes; to limit the number of times the user sees an ad, to unwanted mute ads, and to measure the effectiveness of ads.
test_cookie	15 minutes	doubleclick.net sets this cookie to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_cfuvid	session	Description is currently not available.
AnalyticsSyncHistory	1 month	No description
cf_clearance	1 year	Description is currently not available.
cp_session	1 month	No description available.
km_ai	5 years	No description available.
km_vs	30 minutes	No description available.
kvcd	session	No description available.
li_gc	2 years	No description
SSN-agxzfm1ldGFjZG4taHJyDwsSBU1lZGlhGInLpo0EDA-1	30 minutes	Description is currently not available.
SSN-agxzfm1ldGFjZG4taHJyDwsSBU1lZGlhGLmWxfEBDA-1	30 minutes	Description is currently not available.
SSN-agxzfm1ldGFjZG4taHJyDwsSBU1lZGlhGPnS2oAEDA-1	30 minutes	Description is currently not available.
VISITOR_PRIVACY_METADATA	5 months 27 days	Description is currently not available.
visitorId	1 year	No description

StreamShark Log4j2 Customer Advisory Regarding CVE-2021-44228

Leave A Comment Cancel reply

Popular Posts

Enterprise Solutions.

Live Streaming.

Video on Demand.

Other.

Company.

StreamShark Log4j2 Customer Advisory Regarding CVE-2021-44228

Share:

Leave A Comment Cancel reply

Popular Posts

Enterprise Solutions.

Live Streaming.

Video on Demand.

Other.

Company.