|
Its all IBM stuff. I'd wait for PTFs/fixes from them.
If you're not running any external servers (or only the IBM apache one) I
don't think you need to worry.
On Wed, Dec 15, 2021 at 1:17 AM Gad Miron <gadmiron@xxxxxxxxx> wrote:
Thanks David and thanks S.Frostie/QIBM/WAS/IMFIXPACKS/IM/19100620210614_1906/FIXPACK/plugins/org.apache.ant_1.9.6.v201510161327/lib/ant-apache-log4j.jar
Now, what do I do with the 41 objects found?
Samples:
/QIBM/ProdData/WebSphere/AppServer/V85/Express/deploytool/itp/plugins/org.apache.axis_1.4.0.v201005080400/lib/log4j.properties
/QIBM/UserData/OS/ADMININST/admin2/wlp/usr/servers/admin2/workarea/org.eclipse.osgi/234/0/.cp/WEB-INF/lib/log4j-1.2.14.jar
related
Gad
date: Tue, 14 Dec 2021 11:59:02 -0600list
from: David Gibbs via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx>
subject: Re: Remote code execution exploit found in Log4j .....
On 12/14/21 7:01 AM, Mayer, Michael via MIDRANGE-L wrote:
Good day everyone. This was on Linkedin last night from Scott Forstie....
https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c
One thing to keep in mind ... some vendors repackage jar's so their
product is included in a single jar, with all the required classes
included (either as classes or jar's with a special class loader).
This is going to make it very difficult to detect if the vulnerable
classes are used.
david
--
I'm riding in the American Diabetes Association's Tour de Cure to raise
money for diabetes research, education, advocacy, and awareness. You
can make a tax-deductible donation to my ride by visiting
https://mideml.diabetessucks.net.
You can see where my donations come from by visiting my interactive
donation map ... https://mideml.diabetessucks.net/map (it's a geeky
thing).
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) digest
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
listquestions.--
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx--
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
