Worst Apache Log4j RCE Zero day Dropped on Internet

Zero-day in ubiquitous Log4j tool poses a grave threat to the Internet

Is my understanding - that Log4j v1.2 - is not vulnerable to the jndi-remote-code execution bug correct?

References

Log4j 1.2 appears to have a vulnerability in the socket-server class, but my understanding is that it needs to be enabled in the first place for it to be applicable and hence is not a passive threat unlike the JNDI-lookup vulnerability which the one identified appears to be.

The question is, while the posts on the Internet indicate that Log4j 1.2 is also vulnerable, I am not able to find the relevant source code for it.

Am I missing something that others have identified?

With regard to the Log4j JNDI remote code execution vulnerability that has been identified CVE-2021-44228 - (also see references) - I wondered if Log4j-v1.2 is also impacted, but the closest I got from source code review is the JMS-Appender.