You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by "Volkan Yazici (Jira)" <ji...@apache.org> on 2021/12/13 21:24:00 UTC
[jira] [Commented] (LOG4J2-3220) CVE-2021-44228
[ https://issues.apache.org/jira/browse/LOG4J2-3220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17458726#comment-17458726 ]
Volkan Yazici commented on LOG4J2-3220:
---------------------------------------
Log4j 1.x is not affected by CVE-2021-44228. This said, _an attacker having write access to the configuration files_ can alter the JMS appender setup in Log4j 1.x for exfiltration.
> CVE-2021-44228
> --------------
>
> Key: LOG4J2-3220
> URL: https://issues.apache.org/jira/browse/LOG4J2-3220
> Project: Log4j 2
> Issue Type: Question
> Components: API
> Affects Versions: 2.15.0
> Reporter: Abdullah AbuHijleh
> Priority: Major
>
> Hello,
>
> Regarding [CVE-2021-44228]can you please confirm it is not affecting Log4j 1.x because we still have many customers using it?
>
> Thanks
--
This message was sent by Atlassian Jira
(v8.20.1#820001)