Re: Remote code execution exploit found in Log4j ..... -- MIDRANGE-L

Good News Everybody!

The new search engine is LIVE!

Please report any problems to david (at) midrange.com.

Subject: Re: Remote code execution exploit found in Log4j .....
From: Jack Woehr <jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 14 Dec 2021 11:15:06 -0700
List-archive: <https://archive.midrange.com/midrange-l/>
List-post: <mailto:midrange-l@lists.midrange.com>
List-subscribe: <https://lists.midrange.com/mailman/listinfo/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=subscribe>
List-unsubscribe: <https://lists.midrange.com/mailman/options/midrange-l>, <mailto:midrange-l-request@lists.midrange.com?subject=unsubscribe>

On Tue, Dec 14, 2021 at 10:59 AM David Gibbs via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

On 12/14/21 7:01 AM, Mayer, Michael via MIDRANGE-L wrote:

One thing to keep in mind ... some vendors repackage jar's so their
product is included in a single jar, with all the required classes
included (either as classes or jar's with a special class loader).

This is going to make it very difficult to detect if the vulnerable
classes are used.

This is true. AND sometimes their jars are themselves buried in .war and
.ear files.

PLUG: Us IBM i engineers at Absolute Performance can help with searching
for this stuff, also on Windows, Linux, AIX ...

Follow-Ups:

Re: Remote code execution exploit found in Log4j ..... , Brad Stone

This mailing list archive is Copyright 1997-2026 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.