xeraph
commented
2 years ago Which version do you mean, Log4j2 or Log4j 1?
Open arykov opened 2 years ago
xeraph
commented
2 years ago Which version do you mean, Log4j2 or Log4j 1?
arykov
commented
2 years ago Log4j2. References
lunasec detects based on hashes specified here. The fact they use hashes is beside the point, but have a look at the version/file combo
Palantir sniffer goes after JndiManager. Did not check their code
Cloudera goes after JndiLookup.class
Having looked at a number of scanning and remediation utilities some appear to remove JndiLookup, some JndiManager. It seems that JndiManager is the one that does the actual JNDI lookup in more recent versions, but there are paths that lead to its execution, other than from JndiLookup. JmsManager and JndiContextSelector are other examples. Is it worth whacking both JndiLookup and JndiManager? I suppose it will break JMS logging.