[Opensim-dev] Check if we are impacted by latest Zero-day exploiting Apache Log4j logging library
Teravus Ovares
teravus at gmail.com
Wed Dec 15 03:59:11 UTC 2021
FYI, also, what makes this bad for log4j is that you can use it to make a
jndi call to LDAP with a malicious payload.
log4net can't make a jndi call.. so it is not vulnerable. Even if it
is unchecked, it can't go anywhere.
On Tue, Dec 14, 2021 at 9:42 AM Michel Beauregard <gimisa at yahoo.fr> wrote:
> For further detail about the ACTUAL Zero-day log4j problem please relate
> to
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
>
>
>
>
> GiMiSa
> _______________________________________________
> Opensim-dev mailing list
> Opensim-dev at opensimulator.org
> http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
>
More information about the Opensim-dev
mailing list