I am feeling like a fish out of the water here.
I ran the SQL script and found 32 objects. They basically fall into the
following groups:

/java/poi-4.1.2/lib/log4j-1.2.17.jar
/www/WSERVICE/lwi/runtime/webservicesmax/eclipse/plugins/WebServicesEngine/WEB-INF/classes/log4j.properties
/QIBM/ProdData/OS/WebServices/internal/engines/org.apache.axis2-15/WEB-INF/classes/log4j.properties
/QIBM/UserData/OS/ADMININST/admin4/wlp/usr/servers/admin4/workarea/org.eclipse.osgi/48/data/libcont/WebAdminLibs_1@xxxxxxxxxxxxxxxx
If I am reading these threads correctly, the ones in the QIBM folders just
wait for IBM to come out with some sort of fix/PTF.
I assume the www/WSERVICE same thing, wait for IBM to come out with some
sort of fix/PTF.
That brings us to the java/poi group. If I recall correctly I put these
for various projects. Do I need to remove these folders and reinstall an
updated version?

Kerwin

On Wed, Dec 15, 2021 at 8:22 AM Brad Stone <bvstone@xxxxxxxxx> wrote:

It's all IBM stuff. I'd wait for PTFs/fixes from them.

If you're not running any external servers (or only the IBM apache one) I
don't think you need to worry.

On Wed, Dec 15, 2021 at 1:17 AM Gad Miron <gadmiron@xxxxxxxxx> wrote:

Thanks David and thanks S. Forstie

Now, what do I do with the 41 objects found?

Samples:

/QIBM/WAS/IMFIXPACKS/IM/19100620210614_1906/FIXPACK/plugins/org.apache.ant_1.9.6.v201510161327/lib/ant-apache-log4j.jar
/QIBM/ProdData/WebSphere/AppServer/V85/Express/deploytool/itp/plugins/org.apache.axis_1.4.0.v201005080400/lib/log4j.properties
/QIBM/UserData/OS/ADMININST/admin2/wlp/usr/servers/admin2/workarea/org.eclipse.osgi/234/0/.cp/WEB-INF/lib/log4j-1.2.14.jar


Gad



date: Tue, 14 Dec 2021 11:59:02 -0600
from: David Gibbs via MIDRANGE-L <midrange-l@xxxxxxxxxxxxxxxxxx>
subject: Re: Remote code execution exploit found in Log4j .....

On 12/14/21 7:01 AM, Mayer, Michael via MIDRANGE-L wrote:
Good day everyone. This was on LinkedIn last night from Scott Forstie
....

https://gist.github.com/forstie/9662d4c302f5224c66b7a4c409141a2c

One thing to keep in mind ... some vendors repackage jars so their
product is included in a single jar, with all the required classes
included (either as classes or jars with a special class loader).

This is going to make it very difficult to detect if the vulnerable
classes are used.

david

--
I'm riding in the American Diabetes Association's Tour de Cure to raise
money for diabetes research, education, advocacy, and awareness. You
can make a tax-deductible donation to my ride by visiting
https://mideml.diabetessucks.net.

You can see where my donations come from by visiting my interactive
donation map ... https://mideml.diabetessucks.net/map (it's a geeky
thing).



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) digest
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
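
The repackaging problem raised in the thread (log4j classes bundled inside a vendor's single jar, either directly or as nested jars) is why a file-name search can miss copies. The following is an added example, not part of the original messages or of the linked SQL script: a scanner that looks inside archives for class files instead of relying on file names. The marker class paths, `MAX_DEPTH`, and the constructed `vendor-app.jar` sample are assumptions of this example.

```python
import io
import zipfile

# Class-file markers chosen for this example (assumed, not from the thread).
MARKERS = {
    "org/apache/log4j/Logger.class": "log4j 1.x API",
    "org/apache/logging/log4j/core/lookup/JndiLookup.class": "log4j 2.x JndiLookup",
}
ARCHIVE_EXT = (".jar", ".war", ".ear", ".zip")
MAX_DEPTH = 5  # stop runaway nesting


def scan_archive(data, label, depth=0):
    """Return [(location, finding)] for an archive and any archives nested in it."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not an archive despite its name
    with zf:
        for name in zf.namelist():
            where = f"{label}!/{name}"
            for marker, finding in MARKERS.items():
                # endswith() also catches classes relocated under a vendor prefix
                if name.endswith(marker):
                    hits.append((where, finding))
            if name.lower().endswith(ARCHIVE_EXT) and depth < MAX_DEPTH:
                hits.extend(scan_archive(zf.read(name), where, depth + 1))
    return hits


def make_jar(entries):
    """Build a constructed in-memory jar from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo():
    """Scan a constructed vendor jar whose file names never mention log4j."""
    inner = make_jar({"org/apache/logging/log4j/core/lookup/JndiLookup.class": b"stub"})
    vendor = make_jar({
        "com/example/App.class": b"stub",
        "BOOT-INF/lib/logging.jar": inner,                # nested jar
        "shaded/org/apache/log4j/Logger.class": b"stub",  # relocated copy
    })
    return scan_archive(vendor, "vendor-app.jar")
```

To scan a real file, pass its bytes and path: `scan_archive(open(path, "rb").read(), path)`. Classes that a vendor has renamed as well as relocated would still be missed by this check.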





This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
