This is helpful information. Unfortunately while the 1.2.17 version can be mitigated it is no longer supported and thus needs to be removed from our environment.
Are you aware of any efforts to mitigate this further by replacing the older version with 2.17.0 version?
Search found 2 matches
- Wed Dec 29, 2021 1:25 pm
- Forum: Nagios Log Server
- Topic: Can I uninstall Log4j from my cluster
- Replies: 24
- Views: 15952
- Tue Dec 28, 2021 9:11 am
- Forum: Nagios Log Server
- Topic: Can I uninstall Log4j from my cluster
- Replies: 24
- Views: 15952
Re: Can I uninstall Log4j from my cluster
Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103) from Nessus. Path : /usr/local/nagioslogserver/elasticsearch/lib/log4j-1.2.17.jar Installed version : 1.2.17 Fixed version : 2.16.0 While the 1.2.17 version was not vulnerable before we are now seeing this vulnerability. Loo...