Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubi

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)

From: Shawn Heisey <eclipse@xxxxxxxxxxxx>
Date: Thu, 16 Dec 2021 18:25:42 -0700
Delivered-to: jetty-users@xxxxxxxxxxx
List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
User-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0

On 12/16/2021 2:27 PM, Bill Ross via jetty-users wrote:

It also seemed to explain why this java startup arg doesn't cause anerror with no log4j jar in my classpath:
    ‐Dlog4j2.formatMsgNoLookups=True

Adding a system property to Java startup will not *directly* cause anyproblems. For it to be a problem, something in the application wouldneed to be looking for that property, and that component would need toexplicitly do something (like throw an exception) to cause a problem.If nothing in the application is looking for that property, then itwon't matter if it's there.


Thanks,
Shawn

References:
- [jetty-users] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
  - From: Kumar, Amit (Noida)
- Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
  - From: Joakim Erdfelt
- Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
  - From: Bill Ross
- Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
  - From: Joakim Erdfelt
- Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
  - From: Bill Ross

Prev by Date: Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
Next by Date: Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
Previous by thread: Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
Next by thread: Re: [jetty-users] [jetty-dev] Jetty: Apache Log4j Tool : Zero Day in Ubiquitous Under Active Attack (CVE-2021-44228)
Index(es):
- Date
- Thread

Breadcrumbs