stoeps

log4shell


Log4j: how to find out if an application has it included

Update 2021-12-13 2021-12-15

  • Elasticsearch: Apache Log4j2 Remote Code Execution (RCE) Vulnerability - CVE-2021-44228 - ESA-2021-31
  • HCL: CVE-2021-44228 : Security Advisory
  • IBM: Security Bulletin: Vulnerability in Apache Log4j affects WebSphere Application Server (CVE-2021-44228)
  • Security Bulletin: HCL Connections Security Update for Apache Log4j 2 Vulnerability (CVE-2021-44228)
  • CVE-2021-45046: It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete in certain non-default configurations.

So there is a fix for kc.war which updates log4j 2.8 to 2.15. Elasticsearch in Component Pack has log4j 2.8 and 2.11 included but is not vulnerable because of additional security settings.

Created: 11. December 2021
Last Update: 15. December 2021

All content created by me is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License unless noted otherwise.

Blog content © Christoph Stoettner, comment content copyright belongs to the original authors.