Log4j RCE 0-day mitigation - should keyhelp users be worried? [SOLVED]

[majorboobage]

I just got an emai from cloudflare, but unfortunately I couldn't find any information whether the panel uses log4j or not. Сan someone from the developers clarify? https://blog.cloudflare.com/cve-2021-44 ... itigation/

thanks!

[nikko]

I have checked on a clean system, I think, its not installed or enabled by default (liblog4j2-java).

More from the devs of KH.

[Tobi_BB21]

When I do

Code: Select all

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log

I am getting as a result the keys of /var/log/apache2/keyhelp/other_vhosts_access.log. Is that something to be worried about or what can be done?

[Alexander]

KeyHelp itself does not use Java and therefore does not use this lib.

There may be additional software running on your server using Java, depending on the applications you are running, but they are not related to KeyHelp.

---

Code: Select all

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log

I am getting as a result the keys of /var/log/apache2/keyhelp/other_vhosts_access.log. Is that something to be worried about or what can be done?

These are just bots trying to see if your server is vulnerable to an attack on this library.
You should ask yourself, do you use Java on your system? - Than it can either be ignored or you have to take necessary steps.

---

KeyHelp is running apt-get update && apt-get upgrade on a regular basis (see maintenance intervals in KeyHelp). Even if you have some Java applications on your server the issue should be fixed automatically soon.