[Info-vax] VSI Comments on OpenVMS-related Log4j2 vulnerability (CVE-2021-44228)
hb
end.of at inter.net
Wed Dec 15 12:52:25 EST 2021
On 12/15/21 6:11 PM, Stephen Hoffman wrote:
> Seems that VSI and HPE Java distributions and VSI and HPE Tomcat are
> affected and either need to be zip-mitigated, or needs to be updated as
> that becomes available, based on that notice, too.
As far as I know, VSI and HPE Tomcat, aka CSWS_JAVA, are based on Apache
Tomcat and the latter is not affected:
https://cwiki.apache.org/confluence/display/TOMCAT/Security#Security-Q13.
Whether applications deployed to Tomcat use log4j2 is a different question.
More information about the Info-vax
mailing list