[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228

Stephen Hoffman seaohveh at hoffmanlabs.invalid
Wed Dec 15 13:33:26 EST 2021


On 2021-12-15 17:51:26 +0000, David Turner said:

> I wonder if there is anything that can be done in the .htaccess file

Any data stream within any Java app that happens to incorporate the 
vulnerable logger is a potential vulnerability.

Successfully blocking all of that access via .htaccess from all 
potential sources is roughly equivalent to shutting down the app.

Web application firewalls are failing at similar filtering tasks, given 
the variability and ease of masking the JNDI exploit text strings.



-- 
Pure Personal Opinion | HoffmanLabs LLC 