CVE-2021-4104 - Noob Needs Some Advice

[shatnersbassoon]

Hi Everyone, this is my first post so please go easy on me. I have tried to search for the above CVE but I dodn't have access to read the sole hit which was returned.

Anyway, I know there is log4j-1.2.17-17 which is more secure than the version I have here.

jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar

I also know that v1 has not been supported for some time.

But, is there a way I call tell if this specific jar needs either replacing with 1.2.17 or a v2?

jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar

The reason I ask is that this jar is in tmp which makes me think It could be deleted without impact? See, I told you I was a noob.

Thanks for any help.

[TrevorH]

Judging by the path involved, that's part of jboss which is another Red Hat product.

https://access.redhat.com/security/cve/cve-2021-4104
https://access.redhat.com/solutions/6577421

The second link can be read if you sign up for a free Red Hat Developer Subscription. For more information on the free Red Hat Developer subscription please see https://developers.redhat.com/blog/2016 ... available/ with instructions for renewal on https://developers.redhat.com/articles/ ... scription/ and T&C on https://developers.redhat.com/articles/ ... rise-linux#