ARIN’s Log4j Zero-day Bug Vulnerability Review Results

Posted: Wednesday, 15 December 2021

ARIN is aware of the zero-day bug located in Apache Log4j software. We have completed an audit of our codebase for public-facing services and found that ARIN is not vulnerable to this exploit. Our team is actively working with our third-part vendors to identify and resolve any potential issues with their tools and services, and we will be monitoring this situation closely going forward.

For additional information on the log4j vulnerability, please visit NIST’s National Vulnerability Database, located at https://nvd.nist.gov/vuln/detail/CVE-2021-44228.

Regards,

Mark Kosters
Chief Technology Officer
American Registry for Internet Numbers (ARIN)