You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@directory.apache.org by Pe...@RUV.de on 2021/12/21 17:41:30 UTC
Apache Directory Studio 2.0.0.v20151221-M10 prone to CVE-2021-44228
Hello,
could you please give us a short information if Apache Directory Studio is prone to CVE-2021-44228.
We have seen that a log4j is included
./Apache Directory Studio\plugins\org.apache.ant_1.9.2.v201404171502\lib\ant-apache-log4j.jar
But we don't know if it has any impact in respect to the security issue.
Best regards,
Peter Brodt
R+V Allgemeine Versicherung AG
ZI-SE-E1-EW
Abraham-Lincoln-Str. 21/R307
65189 Wiesbaden
#gerneperdu
Telefon: +49 611 533-3902
Telefax: +49 611 533-773902
Mobil: +49 176 43952053
E-Mail: Peter.Brodt@RUV.de
Internet: www.ruv.de
R+V Allgemeine Versicherung AG, Vorsitzender des Aufsichtsrats: Generaldirektor Dr. Norbert Rollinger.
Vorstand: Dr. Edgar Martin, Vorsitzender; Jens Hasselbächer, Tillmann Lukosch, Julia Merkel, Marc René Michallet.
Sitz: Raiffeisenplatz 1, 65189 Wiesbaden, Handelsregister Nr. HRB 2188, Amtsgericht Wiesbaden, USt-IdNr. DE 811198334
Bitte drucken Sie nur, was Sie wirklich brauchen.
Re: Apache Directory Studio 2.0.0.v20151221-M10 prone to CVE-2021-44228
Posted by Stefan Seelmann <ma...@stefan-seelmann.de>.
Hi Peter,
first of all to be clear, you ask about a 6 year old version of Apache
Directory Studio, correct?
I looked into that jar, it's the Apache Ant Log4 Listener only. The
log4j library itself is not included (neither in version 1 nor 2).
```
$ unzip -l
./plugins/org.apache.ant_1.9.2.v201404171502/lib/ant-apache-log4j.jar
Archive:
./plugins/org.apache.ant_1.9.2.v201404171502/lib/ant-apache-log4j.jar
Length Date Time Name
--------- ---------- ----- ----
0 2013-07-08 20:17 META-INF/
432 2013-07-08 20:17 META-INF/MANIFEST.MF
0 2013-07-08 20:16 org/
0 2013-07-08 20:16 org/apache/
0 2013-07-08 20:17 org/apache/tools/
0 2013-07-08 20:17 org/apache/tools/ant/
0 2013-07-08 20:17 org/apache/tools/ant/listener/
3446 2013-07-08 20:17
org/apache/tools/ant/listener/Log4jListener.class
15289 2013-07-08 20:16 META-INF/LICENSE.txt
218 2013-07-08 20:16 META-INF/NOTICE.txt
--------- -------
19385 10 files
```
Kind regards,
Stefan
On 12/21/21 18:41, Peter.Brodt@RUV.de wrote:
> Hello,
>
> could you please give us a short information if Apache Directory Studio is prone to CVE-2021-44228.
> We have seen that a log4j is included
>
> ./Apache Directory Studio\plugins\org.apache.ant_1.9.2.v201404171502\lib\ant-apache-log4j.jar
>
> But we don't know if it has any impact in respect to the security issue.
>
> Best regards,
>
> Peter Brodt
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org