Log4j RCE 0-day mitigation - should keyhelp users be worried?  [SOLVED]

Locked
majorboobage
Posts: 37
Joined: Thu 26. Jul 2018, 08:51

Log4j RCE 0-day mitigation - should keyhelp users be worried?

Post by majorboobage »

I just got an emai from cloudflare, but unfortunately I couldn't find any information whether the panel uses log4j or not. Сan someone from the developers clarify? https://blog.cloudflare.com/cve-2021-44 ... itigation/

thanks!
nikko
Posts: 914
Joined: Fri 15. Apr 2016, 16:11

Re: Log4j RCE 0-day mitigation - should keyhelp users be worried?

Post by nikko »

I have checked on a clean system, I think, its not installed or enabled by default (liblog4j2-java).

More from the devs of KH.
The software said: Requires Win Vista®, 7®, 8® or better. And so I installed Linux.
User avatar
Tobi_BB21
Posts: 110
Joined: Thu 17. May 2018, 17:05

Re: Log4j RCE 0-day mitigation - should keyhelp users be worried?

Post by Tobi_BB21 »

When I do

Code: Select all

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log
I am getting as a result the keys of /var/log/apache2/keyhelp/other_vhosts_access.log. Is that something to be worried about or what can be done?
User avatar
Alexander
Keyweb AG
Posts: 3810
Joined: Wed 20. Jan 2016, 02:23

Re: Log4j RCE 0-day mitigation - should keyhelp users be worried?  [SOLVED]

Post by Alexander »

KeyHelp itself does not use Java and therefore does not use this lib.

There may be additional software running on your server using Java, depending on the applications you are running, but they are not related to KeyHelp.

---
Tobi_BB21 wrote: Sat 11. Dec 2021, 21:55

Code: Select all

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log
I am getting as a result the keys of /var/log/apache2/keyhelp/other_vhosts_access.log. Is that something to be worried about or what can be done?
These are just bots trying to see if your server is vulnerable to an attack on this library.
You should ask yourself, do you use Java on your system? - Than it can either be ignored or you have to take necessary steps.

---

KeyHelp is running apt-get update && apt-get upgrade on a regular basis (see maintenance intervals in KeyHelp). Even if you have some Java applications on your server the issue should be fixed automatically soon.
Mit freundlichen Grüßen / Best regards
Alexander Mahr

**************************************************************
Keyweb AG - Die Hosting Marke
Neuwerkstr. 45/46, 99084 Erfurt / Germany
http://www.keyweb.de - http://www.keyhelp.de
**************************************************************
Locked