RE: Remote code execution exploit found in Log4j

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

Subject: RE: Remote code execution exploit found in Log4j - CVE-2021-44228
From: Greg Wilburn <gwilburn@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Dec 2021 13:48:58 +0000
List-archive: <https://archive.midrange.com/midrange-l/>
List-post: <mailto:midrange-l@lists.midrange.com>
List-subscribe: <https://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=subscribe>
List-unsubscribe: <https://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=unsubscribe>

So how do we know whether our system is affected by this?
Does this apply to all Apache instances?

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Rob Berendt
Sent: Monday, December 13, 2021 7:27 AM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Remote code execution exploit found in Log4j - CVE-2021-44228

Anyone see any issues with following the recommendation by Jesse Gorzinski at
https://twitter.com/IBMJesseG/status/1470236777579532292

<snip>
ADDENVVAR ENVVAR(JAVA_TOOL_OPTIONS) VALUE('-Dlog4j2.formatMsgNoLookups=true') REPLACE(*YES) LEVEL(*SYS)
Might be a good idea until the impact assessment is complete
</snip>

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

Follow-Ups:

Re: Remote code execution exploit found in Log4j - CVE-2021-44228 , Kevin Bucknum

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.