CVE-2021-44228

[jabi27]

Hi
Is Nagios and/or the ELK stack affected by CVE-2021-44228 ?

Best

Jan

[CBoekhuis]

I also would like a reply on this matter, a swift reply from Nagios would be appreciated.

Grtz. Hans

[mka]

I am also interested here, if XI is affected by this vulnerability.

[mka]

I would also like to know, if Nagios XI is affected.

[vconnected]

Me too!

Code: Select all

[root@nagiosls /]# find / -name *log4j*

/usr/local/nagioslogserver/elasticsearch/lib/apache-log4j-extras-1.2.17.jar
/usr/local/nagioslogserver/elasticsearch/lib/log4j-1.2.17.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-jms-1.2.0-java/test/log4j.properties
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch_java-2.1.3/vendor/jar-dependencies/runtime-jars/apache-log4j-extras-1.2.17.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-output-elasticsearch_java-2.1.3/vendor/jar-dependencies/runtime-jars/log4j-1.2.17.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.14-java/vendor/jar-dependencies/log4j
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.14-java/vendor/jar-dependencies/log4j/log4j
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-beats-3.1.14-java/vendor/jar-dependencies/log4j/log4j/1.2.17/log4j-1.2.17.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/zk-1.9.6/spec/log4j.properties
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-log4j-2.0.7-java
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-log4j-2.0.7-java/logstash-input-log4j.gemspec
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-log4j-2.0.7-java/vendor/jar-dependencies/runtime-jars/log4j-1.2.17.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-log4j-2.0.7-java/lib/logstash/inputs/log4j.rb
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/logstash-input-log4j-2.0.7-java/lib/logstash-input-log4j_jars.rb
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/org/slf4j/slf4j-log4j12
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/org/slf4j/slf4j-log4j12/1.7.13/slf4j-log4j12-1.7.13.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/log4j
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/log4j/log4j
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/jruby-kafka-1.5.0-java/lib/log4j/log4j/1.2.17/log4j-1.2.17.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/zookeeper-1.4.11-java/spec/log4j.properties
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/slyphon-log4j-1.2.15
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/slyphon-log4j-1.2.15/log4j.gemspec
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/slyphon-log4j-1.2.15/lib/log4j-1.2.15.jar
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/slyphon-log4j-1.2.15/lib/log4j.rb
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/gems/slyphon-log4j-1.2.15/lib/log4j
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/specifications/slyphon-log4j-1.2.15.gemspec
/usr/local/nagioslogserver/logstash/vendor/bundle/jruby/1.9/specifications/logstash-input-log4j-2.0.7-java.gemspec

[smlushing]

I would like to know ASAP also

[danniiffxi]

I would also like to know.

From what I can see log4j is not used on Nagios XI, but is on Nagios Log.

[DoIT-Systems]

add another concerned customer to the list of would like to know...

[prashanthan1987]

Anyone from Nagios support to share the updates quickly on this subject matter

[pnnagios]

Another customer using Nagios XI, that would like to know if we are affected by this vulnerability.
Thank you.