Re: log4j trivial RCE (similar to ShellShock) - "Log4Shell" CVE-2021-44228
David W. Monroe
https://www.youtube.com/watch?v=oC2PZB5D3Ys [youtube.com]
Thank you,
Dave
To request Hardware or software, please use the form, available as a Word document, located at CTG HW-SW Request Form. For account changes and file server access, please use the form CTG User Access Request Form located in the same location. For support issues/requests you are welcome to and encouraged to contact the CTG Help Desk @ 1-800-544-9071 (from inside the CTG office x3556). If they are unable to help you solve the problem, they will escalate a Remedy ticket regarding your problem to someone that can assist you further. You may also contact the Help Desk via email. They are listed in the CTG Global Address List as "Helpdesk".
From: nuga@groups.io <nuga@groups.io>
On Behalf Of Royce Williams
Hi, Mike - Good question. log4j 1.x is not vulnerable to the "Log4Shell" vulnerability itself, per its author. However, it is vulnerable to a number of other issues, and is no longer supported by the authors. So for any product with Hi, Mike -
Good question. log4j 1.x is not vulnerable to the "Log4Shell" vulnerability itself, per its author. However, it is vulnerable to a number of other issues, and is no longer supported by the authors. So for any product with 1.x still integrated, that parent products' vendors should be asked questions about upgrade plans.
-- Royce
On Sun, Dec 12, 2021 at 7:25 PM Mike <tibor@...> wrote:
The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you are not the intended recipient of this message, please contact the sender and delete this material from this computer. Computer Task Group, Inc.’s privacy statements may be found via www.ctg.com/privacy-policy and www.ctg.com/privacy-shield.
|
||||||||||||
|