CVE-2021-4104 - Noob Needs Some Advice
Posted: 2022/08/18 17:15:02
Hi Everyone, this is my first post so please go easy on me. I have tried to search for the above CVE but I dodn't have access to read the sole hit which was returned.
Anyway, I know there is log4j-1.2.17-17 which is more secure than the version I have here.
jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar
I also know that v1 has not been supported for some time.
But, is there a way I call tell if this specific jar needs either replacing with 1.2.17 or a v2?
jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar
The reason I ask is that this jar is in tmp which makes me think It could be deleted without impact? See, I told you I was a noob.
Thanks for any help.
Anyway, I know there is log4j-1.2.17-17 which is more secure than the version I have here.
jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar
I also know that v1 has not been supported for some time.
But, is there a way I call tell if this specific jar needs either replacing with 1.2.17 or a v2?
jboss-eap-6.4/standalone/tmp/vfs/deployment/deploymentab10ba5aa1bf50e3/log4j-1.2.14.jar-fc466be46280c55b/log4j-1.2.14.jar
The reason I ask is that this jar is in tmp which makes me think It could be deleted without impact? See, I told you I was a noob.
Thanks for any help.