Vulnerabilities in Apache web servers
The sic recently informed about various security gaps in the TU's networks that had to be plugged promptly.
Due to current events we have to warn again:
1. the log4shell vulnerability (log4j) can only be considered fixed if log4j 2.17.0 from 18.12.2021 has been installed.
logging.apache.org/log4j/2.x/security.html
2. all Apache webservers older than version 2.4.52 have another dangerous vulnerability and need to be updated