How to mitigate CVE-2021-45105
Hi ,We are using Solr 7.7.3. How to apply fix for log4j third vulnerability CVE-2021-45105 in Solr ? Regards,
How to mitigate CVE-2021-45105 in Solr
Hi ,We are using Solr 7.7.3. How to apply fix for log4j third vulnerability CVE-2021-45105 in Solr ? Regards,
Re: How to mitigate CVE-2021-45105 in Solr
Please refer below link. https://solr.apache.org/security.html On Sun, 19 Dec 2021 at 8:10 AM, Kashif Mumtaz wrote: > Hi ,We are using Solr 7.7.3. How to apply fix for log4j third > vulnerability CVE-2021-45105 in Solr ? > Regards, > > >
Re: How do I determine which hardware device and software has log4j zero-day security vulnerability?
Hi, Thanks for the CISA github link. Regards, Mr. Turritopsis Dohrnii Teo En Ming Targeted Individual in Singapore 19 Dec 2021 Sunday On Fri, 17 Dec 2021 at 17:13, Aman Tandon wrote: > > Hi, > > Please see the list of affected softwares in below github link, this might > not be complete list. But there are many commonly used software products > used by the company. Hope that helps you. > > https://github.com/cisagov/log4j-affected-db > > Regards, > Aman > > On Thu, 16 Dec 2021, 20:09 Turritopsis Dohrnii Teo En Ming, < > ceo.teo.en.m...@gmail.com> wrote: > > > Subject: How do I determine which hardware device and software has > > log4j zero-day security vulnerability? > > > > Good day from Singapore, > > > > I am working for a Systems Integrator (SI) in Singapore. We have > > several clients writing in, requesting us to identify log4j zero-day > > security vulnerability in their corporate infrastructure. > > > > It seems to be pretty difficult to determine which hardware device and > > which software has the vulnerability. There seems to be no lists of > > hardware devices and software affected by the flaw any where on the > > internet. > > > > Could you refer me to definitive documentation/guides on how to > > identify log4j security flaw in hardware devices and software? > > > > Thank you very much for your kind assistance. > > > > Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, > > is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant > > with a Systems Integrator (SI)/computer firm in Singapore. He is an IT > > enthusiast. > > > > > > > > > > > > -BEGIN EMAIL SIGNATURE- > > > > The Gospel for all Targeted Individuals (TIs): > > > > [The New York Times] Microwave Weapons Are Prime Suspect in Ills of > > U.S. Embassy Workers > > > > Link: > > https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html > > > > > > > > > > Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's > > Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts > > at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan > > (5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020): > > > > [1] https://tdtemcerts.wordpress.com/ > > > > [2] https://tdtemcerts.blogspot.sg/ > > > > [3] https://www.scribd.com/user/270125049/Teo-En-Ming > > > > -END EMAIL SIGNATURE- > >
Re: How to mitigate CVE-2021-45105 in Solr
https://solr.apache.org/security.html page is not mentioning anything about CVE-2021-45105 On Sunday, December 19, 2021, 05:15:15 PM GMT+4, ANNAMANENI RAVEENDRA wrote: Please refer below link. https://solr.apache.org/security.html On Sun, 19 Dec 2021 at 8:10 AM, Kashif Mumtaz wrote: > Hi ,We are using Solr 7.7.3. How to apply fix for log4j third > vulnerability CVE-2021-45105 in Solr ? > Regards, > > >
Re: How to mitigate CVE-2021-45105 in Solr
Read again. It is explicitly mentioned: https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 Jan Høydahl > 19. des. 2021 kl. 18:16 skrev Kashif Mumtaz : > > > https://solr.apache.org/security.html page is not mentioning anything about > CVE-2021-45105 > >On Sunday, December 19, 2021, 05:15:15 PM GMT+4, ANNAMANENI RAVEENDRA > wrote: > > Please refer below link. > > https://solr.apache.org/security.html > > > >> On Sun, 19 Dec 2021 at 8:10 AM, Kashif Mumtaz >> wrote: >> >> Hi ,We are using Solr 7.7.3. How to apply fix for log4j third >> vulnerability CVE-2021-45105 in Solr ? >> Regards, >> >> >>
Re: How to mitigate CVE-2021-45105
Solr's default logging config isn't vulnerable: https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 You'd have to go out of your way to configure logging to use such this vulnerable mechanism, and that isn't likely for Solr users to do so. ~ David Smiley Apache Lucene/Solr Search Developer http://www.linkedin.com/in/davidwsmiley On Sun, Dec 19, 2021 at 5:14 AM Kashif Mumtaz wrote: > Hi ,We are using Solr 7.7.3. How to apply fix for log4j third > vulnerability CVE-2021-45105 in Solr ? > Regards, > >
Re: How to mitigate CVE-2021-45105 in Solr
Thanks for mentioning ! I was checking the subject line only before. It is stating Apache Solr releases are not vulnerable to the followup CVE-2021-45046 and CVE-2021-45105.. On Sunday, December 19, 2021, 10:27:44 PM GMT+4, Jan Høydahl wrote: Read again. It is explicitly mentioned: https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 Jan Høydahl > 19. des. 2021 kl. 18:16 skrev Kashif Mumtaz : > > > https://solr.apache.org/security.html page is not mentioning anything about > CVE-2021-45105 > > On Sunday, December 19, 2021, 05:15:15 PM GMT+4, ANNAMANENI RAVEENDRA > wrote: > > Please refer below link. > > https://solr.apache.org/security.html > > > >> On Sun, 19 Dec 2021 at 8:10 AM, Kashif Mumtaz >> wrote: >> >> Hi ,We are using Solr 7.7.3. How to apply fix for log4j third >> vulnerability CVE-2021-45105 in Solr ? >> Regards, >> >> >>
