Skip to main content

Questions tagged [log4j]

0 votes
2 answers
490 views

Im no expert at IT or apache but I have used linux for years. Ive done my best to harden/secure my server online which I use for a mobile app which needs to serve up its content etc. Ive noticed some ...
Tim's user avatar
  • 203
0 votes
1 answer
32k views

My vulnerability scanner recently flagged an unsupported installation of Apache Log4j in a version of MS SQL we just recently deployed (SQL 2019). It causes two high-priority findings that I must get ...
The ITea Guy's user avatar
0 votes
0 answers
2k views

So I recently got a mail about updating to the latest security update to the Apache software installed on my server (vulnerability (CVE-2021-44228 & CVE-2021-45046) related to Apache Log4j), but ...
Mads Sander Høgstrup's user avatar
4 votes
1 answer
3k views

I installed a preview version of Kafka 3.0 with log4j2 support (http://home.apache.org/~dongjin/post/apache-kafka-log4j2-support/) on a RHEL 8 server. Kafka and Zookeeper are running successfully as ...
Cabbage Parachute's user avatar
0 votes
0 answers
44 views

I want to detect all nested wars and jars containing the log4j library. I have jboss/wildfly services. I started to find out with 'locate | grep', but it shows me only tmp directories, not exactly war/...
grU's user avatar
  • 1
1 vote
1 answer
626 views

I can't find any info on whether specific versions of JRE are impacted? The app on my Windows Server 2012 uses JRE 1.8.0.x (1.8.0_91) but not sure if if uses Log4j logging service. Can anyone help ...
Chris's user avatar
  • 11
2 votes
2 answers
4k views

I have a Windows Server 2012 R2 machine. What is the best way to search for log4j. Is it enough with a simple file search or can these files be used from inside a container. I have done a file search ...
Jan Lauridsen's user avatar
0 votes
1 answer
207 views

Does there yet exist a list of software that is potentially affected by the Apache Log4jshell vulnerability (CVE-2021-44228) that was announced last Friday? As someone managing a number of servers ...
twhitney's user avatar
  • 133
2 votes
1 answer
5k views

Trying to learn more about the recently discovered 0 day exploit This is a list of affected software I found -> https://github.com/NCSC-NL/log4shell/tree/main/software It only says nginx in a note ...
Rohan's user avatar
  • 145
0 votes
1 answer
327 views

I'm running a PowerDNS on Linux. It looks like PowerDNS is vulnerable to the new log4j-exploit. Is there any way I can disable the Log4j? From my research it looks like you can change the logging ...
Halsi's user avatar
  • 87
1 vote
1 answer
667 views

I am using a kong reverse proxy to proxy every HTTP request for my web servers. I would like to mitigate the current log4j problem ("log4shell") by finding and replace the critical attacers' ...
dsteinkopf's user avatar
69 votes
11 answers
228k views

I have read about security vulnerabilities related to Log4j. How do I check if Log4j is installed on my server? My specific servers use Ubuntu 18.04.6 LTS. I have installed many third-party packages ...
Uri's user avatar
  • 948
0 votes
0 answers
239 views

I am currently using log4j library in java to post logs onto syslog but those logs always show "localhost" for hostname instead of the device's actual name. This only happens when i send log from my ...
Syed Muhammad Oan's user avatar
0 votes
1 answer
417 views

Application running on Tomcat is using log4j for some unknown reason is appending (randomly) new log lines somewhere in the middle of the log file log4j.properites looks like: log4j.rootLogger=INFO, ...
JackTheKnife's user avatar
2 votes
0 answers
2k views

I have found a tutorial for logging from tomcat to syslog using log4j: https://www.badllama.com/content/tomcat-7-logging-syslog-log4j Sadly this doesn't work anymore in tomcat 8.5. As stated in the ...
BenjaminH's user avatar
  • 121

15 30 50 per page