stating that the presence of tomcat alone would
open up another attack vector through log4j2.
Best regards,
David
-Original Message-
From: Juri Berlanda
Sent: Monday, 13 December 2021 16:03
To: users@tomcat.apache.org
Subject: Re: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs compile time
> From: Juri Berlanda
> Sent: 13 December 2021 15:03
> Subject: [External] Re: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs
> compile time Java version
> Hi,
> we were affected - we use an AccessLogValve, which logs to Log4j2 and we
> use Log4j as java.util.logging L
-44228 Log4j 2 Vulnerability - Runtime vs compile time
Java version
Hi,
we were affected - we use an AccessLogValve, which logs to Log4j2 and we use
Log4j as java.util.logging LogManager. We already patched, but only on Saturday.
In any case: in a lot of places I saw "recent JRE versions h
There have been multiple Patches for RMI and LDAP over time in Java.
The first article states which attack (from the one the researcher analyzed)
was possible in which version.
https://www.veracode.com/blog/research/exploiting-jndi-injections-java
https://github.com/mbechler/marshalsec/
If th
Hi,
we were affected - we use an AccessLogValve, which logs to Log4j2 and we
use Log4j as java.util.logging LogManager. We already patched, but only
on Saturday.
In any case: in a lot of places I saw "recent JRE versions have a
mitigation in place", but I can't seem to find which JRE version
:36
To: users@tomcat.apache.org
Subject: [External] Re: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs
compile time Java version
On 13/12/2021 09:21, David Weisgerber wrote:
> Hi,
> as far as I read through the details, it is a runtime option of the JRE. So,
> it does not need any recompila
Tim,
Adding to what others have posted...
On 12/13/21 03:57, Scott,Tim wrote:
Suspecting that someone here knows the answer immediately, I thought I’d
ask.
If you do not know the answer, please don’t spend any time
investigating: I’ll do that later today and update everyone whether or
not I
that you address
this issue with the log4j2 update or configuration.
Mark
Best regards,
David
From: Scott,Tim
Sent: Monday, 13 December 2021 09:57
To: users@tomcat.apache.org
Subject: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs compile time Java
version
Hi all,
Suspecting that
: users@tomcat.apache.org
Subject: CVE-2021-44228 Log4j 2 Vulnerability - Runtime vs compile time Java
version
Hi all,
Suspecting that someone here knows the answer immediately, I thought I’d ask.
If you do not know the answer, please don’t spend any time investigating: I’ll
do that later today
Hi all,
Suspecting that someone here knows the answer immediately, I thought I'd ask.
If you do not know the answer, please don't spend any time investigating: I'll
do that later today and update everyone whether or not I find an answer.
Our security team advise that "Certain versions of the Ja
10 matches
Mail list logo
