How do you know if the jar sitting on your system is a threat or not? For
example, say it's not being used today but someone installs a product
tomorrow or enables a service that uses it? It would seem that the
existence of the object at all in the "unfixed realm" would be a hit on the
list of vulnerabilities? Right? I am assuming protocol demands removal of
all unpatched copies, then comes my question, if we "find a few copies"
identifying what might use them seems challenging. Patching various
products is not going to be a near-term option for a lot of us. Any ideas
on a comprehensive approach? Overkill?

Copied text: "Any Log4J version prior to v2.15.0 is affected by this
specific issue.

The version 1 branch of Log4J is vulnerable to other RCE attacks and should
be updated."


Mark Villa

On Tue, Dec 14, 2021 at 7:23 AM Andrew Lopez (SXS US) <
Andrew.Lopez@xxxxxxxxxxxxxxxxxx> wrote:

This was helpful:

I will note that if you follow those directions, you are scanning for
version 2* of the software. That is not found on my V7R3 system, but
version log4j-1.2.15.jar is. That is an out of date version, per Apache,
and will not be addressed by them.

For those curious, I found it under


This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
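
Added example, not part of either message in this thread: a scan that identifies Log4j copies by what is inside the jar rather than by file name, so it reports both the 1.x copy mentioned in the reply and renamed 2.x copies, and sorts them by the quoted "prior to v2.15.0" rule. The marker entries are real Log4j archive paths; the function names and verdict strings are chosen for this example, and the sample jars in a test run are constructed.

```python
import os
import re
import zipfile

# Marker entries: one class per branch, plus the Maven metadata of log4j-core.
V1_MARK = "org/apache/log4j/Logger.class"  # also shipped by the 2.x log4j-1.2-api bridge
V2_MARK = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
V2_POM = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"

def log4j_version(zf, names, path):
    """Version from log4j-core's pom.properties, else the file name; None if unknown."""
    m = None
    if V2_POM in names:
        props = zf.read(V2_POM).decode("utf-8", "replace")
        m = re.search(r"^version=(\d+(?:\.\d+)+)", props, re.M)
    m = m or re.search(r"(\d+(?:\.\d+)+)", os.path.basename(path))
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0])[:3])  # pad so "2.15" compares as 2.15.0

def classify(path):
    """Return (branch, version, verdict), or None if the archive holds no Log4j."""
    try:
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            branch = 2 if V2_MARK in names else 1 if V1_MARK in names else None
            if branch is None:
                return None
            version = log4j_version(zf, names, path)
    except (zipfile.BadZipFile, OSError):
        return None  # unreadable or not a zip archive
    if branch == 1:
        verdict = "version 1 branch: should be updated"
    elif version is None:
        verdict = "version 2, release unknown: check by hand"
    elif version < (2, 15, 0):
        verdict = "prior to 2.15.0: affected"
    else:
        verdict = "not prior to 2.15.0"
    return branch, version, verdict

def scan(root):
    """Walk root and classify every .jar file by content, not by name."""
    hits = {}
    for folder, _, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".jar"):
                result = classify(os.path.join(folder, name))
                if result:
                    hits[os.path.join(folder, name)] = result
    return hits
```

It does not open jars nested inside WAR or EAR files, and it says nothing about which product loads a hit; that still has to be traced from the directory the jar sits in.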