0

Does there yet exist a list of software that is potentially affected by the Apache Log4jshell vulnerability (CVE-2021-44228) that was announced last Friday?

As someone managing a number of servers with lots of different software running on them it would be nice to have a list of potentially affected software. Not something overly detailed with versions, just anything with any affected version or even anything that might be affected.

To start off the list:

  • Apache Solr
  • Apache Tomcat
  • Apache Struts
  • Apache Druid
  • Apache Flink
  • Apache Swift
  • Elasticsearch
twhitney
  • 33
  • 6

1 Answers1

0

After further research I've found the following two lists which are being actively updated with information about possibly affected software:

CISA: https://github.com/cisagov/log4j-affected-db

NCSC: https://github.com/NCSC-NL/log4shell/blob/main/software/README.md

Please comment, edit, or add another answer with any other useful lists.

twhitney
  • 33
  • 6