Author Topic: Log4j Exploit??  (Read 4226 times)

0 Members and 1 Guest are viewing this topic.

Offline jayo84

  • Newbie
  • *
  • Join Date: Dec 2021
  • Posts: 2
  • Karma: 0
    • View Profile
Log4j Exploit??
« on: December 15, 2021, 08:04:41 am »
Is the repair tool affected by the Log4j exploit?

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Log4j Exploit??
« Reply #1 on: December 15, 2021, 08:24:47 am »
As you run Windows Repair in Safe Mode with Networking, it should be okay, but have you updated Log4j to version 2.15.0 to help mitigate the exploit ?

Offline neroilo

  • Full Member
  • ***
  • Join Date: Jun 2012
  • Posts: 186
  • Karma: 9
    • View Profile
Re: Log4j Exploit??
« Reply #2 on: December 15, 2021, 09:10:34 am »
No log4j file can be found in the Repair Tool, so it is unaffected.

By the way, the latest version to apply for other vulnerable products is here:
https://logging.apache.org/log4j/2.x/download.html
« Last Edit: December 27, 2021, 06:13:03 pm by neroilo »

Offline jayo84

  • Newbie
  • *
  • Join Date: Dec 2021
  • Posts: 2
  • Karma: 0
    • View Profile
Re: Log4j Exploit??
« Reply #3 on: December 15, 2021, 09:33:53 am »
Thanks for the reply!

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Log4j Exploit??
« Reply #4 on: December 15, 2021, 09:45:11 am »
Thanks, neroilo - that was worth a Karma point from me.

Offline neroilo

  • Full Member
  • ***
  • Join Date: Jun 2012
  • Posts: 186
  • Karma: 9
    • View Profile
Re: Log4j Exploit??
« Reply #5 on: December 27, 2021, 05:52:07 pm »
Curiously Apache released a new version 2.17.1 to fix another flaw.
The download link is the same as before.
« Last Edit: December 28, 2021, 03:09:19 pm by neroilo »