If you aren't able to get the "fixed" version of the jar that fixes the
vulnerability, I would suggest adding this to your Java Options for Tomcat:
-Dlog4j2.formatMsgNoLookups=true
Thanks,
Dream * Excel * Explore * Inspire
Jon McAlexander
Infrastructure Engineer
Asst Vice President
Middleware
Is there a way to forcibly prevent a library from loading in Tomcat during
startup that will also prevent an app from loading the library?
Trying to find a way to block vulnerabilities.
Thanks,
Sent with BlackBerry Work (www.blackberry.com)
A customer brought this to my attention:
https://www.randori.com/blog/cve-2021-44228/
I have no idea how (or if) Tomcat is affected. I have only the vaguest
idea what this vulnerability even *is.*
Can anybody here shed any light?
--
JHHL
-
James,
On 12/10/21 11:52, James H. H. Lampert wrote:
On 12/10/21 8:38 AM, Mark Thomas wrote:
. . .
The messages are there to warn you that you might have a malicious
actor trying a brute force attack on your server.
Can anybody point me to a good tutorial for constructing a regular
expressio
On 12/10/21 8:38 AM, Mark Thomas wrote:
. . .
The messages are there to warn you that you might have a malicious actor
trying a brute force attack on your server.
Can anybody point me to a good tutorial for constructing a regular
expression for RemoteAddrValve?
allow="127\.\d+\.\d+\.\d+|::1
On 10/12/2021 16:25, James H. H. Lampert wrote:
Could anybody here shed some light on this message? A whole bunch of
them appeared in catalina.out.
WARNING [https-jsse-nio-443-exec-29]
org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt
was made to authenticate the locked u
Could anybody here shed some light on this message? A whole bunch of
them appeared in catalina.out.
WARNING [https-jsse-nio-443-exec-29]
org.apache.catalina.realm.LockOutRealm.filterLockedAccounts An attempt
was made to authenticate the locked user [user]
--
JHHL
---