[Ace] Log4J2 Zero day
Theo Larrieu
theo at jlab.org
Fri Dec 10 07:20:42 EST 2021
I imagine there will be email from Gnowicki before too long.
https://nvd.nist.gov/vuln/detail/CVE-2021-44228
https://arstechnica.com/information-technology/2021/12/minecraft-and-other-apps-face-serious-threat-from-new-code-execution-bug/
Our SOLR server might not be affected since it's so old it's probably using log4j1 rather than log4j2 that has all the extra networking options added. In any case, our firewall should block outgoing LDAP connections from solr.acc.jlab.org.
Any other internet-facing Java applications using log4J will probably need to be evaluated and mitigated.
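One way to carry out the evaluation mentioned above, as an added example that is not part of the original message: a scanner that opens a Java archive, recurses into bundled jars, and reports whether log4j 1.x classes or the log4j2 core (with or without its `JndiLookup` class) are present. The archive names and the sample WAR are constructed; the 1.x marker class is also shipped by the 2.x `log4j-1.2-api` bridge, so a 1.x hit needs a manual look.

```python
import io
import zipfile

# Class files that identify each generation of the library.
# The 1.x marker is also present in the 2.x log4j-1.2-api bridge jar.
LOG4J1_MARKER = "org/apache/log4j/Logger.class"
LOG4J2_CORE_MARKER = "org/apache/logging/log4j/core/Logger.class"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def scan_archive(data, name="<root>"):
    """Return [(archive_path, finding)] for an archive and everything nested in it."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(name, "unreadable archive")]
    with zf:
        entries = set(zf.namelist())
        if JNDI_LOOKUP in entries:
            findings.append((name, "log4j2 core with JndiLookup"))
        elif LOG4J2_CORE_MARKER in entries:
            findings.append((name, "log4j2 core without JndiLookup"))
        if LOG4J1_MARKER in entries:
            findings.append((name, "log4j 1.x classes"))
        # Fat jars and WARs bundle their dependencies as nested archives.
        for entry in sorted(entries):
            if entry.lower().endswith(ARCHIVE_SUFFIXES):
                findings += scan_archive(zf.read(entry), f"{name}!/{entry}")
    return findings


def make_archive(entries):
    """Build a constructed in-memory archive from {entry_name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()


def demo():
    # Constructed sample: a WAR bundling an old 1.x jar and a 2.x core jar.
    old = make_archive({LOG4J1_MARKER: b""})
    new = make_archive({LOG4J2_CORE_MARKER: b"", JNDI_LOOKUP: b""})
    war = make_archive({"WEB-INF/lib/log4j-1.2.jar": old, "WEB-INF/lib/log4j-core.jar": new})
    return scan_archive(war, "app.war")
```

To check a real deployment, read the archive from disk and pass its bytes, for example `scan_archive(open(path, "rb").read(), path)`.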