0

So I recently got a mail about updating to the latest security update to the Apache software installed on my server (vulnerability (CVE-2021-44228 & CVE-2021-45046) related to Apache Log4j), but how can I detect where this log4j is used?

When I run cmd: java --version I get:

enter image description here

Then I found a github log4j script checker: ./wget.exe https://raw.githubusercontent.com/rubo77/log4j_checker_beta/main/lo g4j_checker_beta.sh -q -O - |bash , but it didn't tell me that much

enter image description here

Is there another command I could run, to check where this log4j need to be updated on my server?

I do run XAMPP on this machine, but are log4j used here?

Mads Sander Høgstrup
  • 111
  • 2
  • Does this answer your question? [How to scan for log4j on Windows Server](https://serverfault.com/questions/1087504/how-to-scan-for-log4j-on-windows-server) – Gerald Schneider Jan 10 '22 at 09:55
  • Maybe you don't have the vulnerability on this server? You could try a simple file search for any file name containing 'log4j' or *.jar. But this will not be definitive. – Daniel K Jan 10 '22 at 11:21
  • I tried Geralds link, and found this file: `Files/Amazon_Corretto/jdk11.0.11_9/lib/jrt-fs.jar ` How can i see if this uses log4j? – Mads Sander Høgstrup Jan 10 '22 at 11:37

0 Answers0