The assumption by @bb77 seems to hold for standard Debian installations. A normal Apache Web-Server install on Debian does not include Log4j and or Java, if I am correct.
However, users of a community version of Nextcloud deployed on a Debian system with Java capabilities installed may find the below information useful:
If Log4j installed there is some advice on a mitigation procedure available here:
However, this procedure may not be easily feasible to community users and all community system admins. Furthermore, due to the comments in the bug report it appears this mitigation may be somewhat incomplete as provided by the Log4j Security Team.
Last not least one may find the advice and explanations provided by the below article useful:
Hope this helps. Please be aware this is a community forum and my humble assumptions may be misleading and/or incorrect.
Happy hacking.
