CVE-2021-4104 - Noob Needs Some Advice

Support for security such as Firewalls and securing linux
shatnersbassoon
Posts: 5
Joined: 2022/08/18 17:05:38

CVE-2021-4104 - Noob Needs Some Advice

Post by shatnersbassoon » 2022/08/18 17:15:02

Hi Everyone, this is my first post so please go easy on me. I have tried to search for the above CVE but I don't have access to read the sole hit which was returned.

Anyway, I know there is log4j-1.2.17-17 which is more secure than the version I have here.

jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar

I also know that v1 has not been supported for some time.

But, is there a way I can tell if this specific jar needs either replacing with 1.2.17 or a v2?

jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar

The reason I ask is that this jar is in tmp which makes me think it could be deleted without impact? See, I told you I was a noob.

Thanks for any help.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2021-4104 - Noob Needs Some Advice

Post by TrevorH » 2022/08/18 21:04:40

Judging by the path involved, that's part of jboss which is another Red Hat product.

https://access.redhat.com/security/cve/cve-2021-4104
https://access.redhat.com/solutions/6577421

The second link can be read if you sign up for a free Red Hat Developer Subscription. For more information on the free Red Hat Developer subscription please see https://developers.redhat.com/blog/2016 ... available/ with instructions for renewal on https://developers.redhat.com/articles/ ... scription/ and T&C on https://developers.redhat.com/articles/ ... rise-linux#
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
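
Added example, not part of the original thread or of Red Hat's guidance: CVE-2021-4104 concerns the `JMSAppender` class in Log4j 1.2 and applies when that appender is configured, so one way to triage a jar like the one asked about is to check whether it still ships that class and whether any logging configuration names it. The function names and result labels are hypothetical, and the sample jar is a constructed stand-in with empty entries.

```python
import io
import sys
import zipfile
import re

JMS_CLASS = "org/apache/log4j/net/JMSAppender.class"
LOG4J1_MARKER = "org/apache/log4j/Logger.class"  # core class shipped in Log4j 1.x jars

def jar_has_jms_appender(jar):
    """jar: path or file object. None if it is not a Log4j 1.x jar, else bool."""
    with zipfile.ZipFile(jar) as zf:
        names = set(zf.namelist())
    if LOG4J1_MARKER not in names:
        return None
    return JMS_CLASS in names

def config_uses_jms(text):
    """True if active (uncommented) config text references JMSAppender."""
    text = re.sub(r"<!--.*?-->", "", text, flags=re.S)  # drop XML comments
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith(("#", "!")):  # .properties comment lines
            continue
        if "org.apache.log4j.net.JMSAppender" in stripped:
            return True
    return False

def assess(jar, config_texts):
    """Combine the jar check and the config check into one triage label."""
    has_jms = jar_has_jms_appender(jar)
    if has_jms is None:
        return "not-log4j1"
    if not has_jms:
        return "class-removed"
    if any(config_uses_jms(t) for t in config_texts):
        return "jms-appender-configured"
    return "class-present-not-configured"

def build_sample_jar(with_jms):
    """Constructed stand-in for a Log4j 1.x jar (empty class entries)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(LOG4J1_MARKER, b"")
        if with_jms:
            zf.writestr(JMS_CLASS, b"")
    buf.seek(0)
    return buf

if __name__ == "__main__" and len(sys.argv) > 1:
    # usage: script.py <jar> [config files...]
    configs = [open(p, encoding="utf-8", errors="replace").read() for p in sys.argv[2:]]
    print(assess(sys.argv[1], configs))
```

Run against the original jar inside the deployed application archive as well as any extracted copy, and pass every `log4j.properties` or `log4j.xml` the application can load.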
