[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
David Turner
dturner at islandco.com
Wed Dec 15 13:55:59 EST 2021
SO if it tends to be "state actors" blocking those "states" or countries
may be the best option to start off.
On 12/15/2021 1:33 PM, Stephen Hoffman wrote:
> On 2021-12-15 17:51:26 +0000, David Turner said:
>
>> I wonder if there is anything that can be done in the .htaccess file
>
> Any data stream within any Java app that happens to incorporate the
> vulnerable logger is a potential vulnerability.
>
> Successfully blocking all of that that access via .htaccess from all
> potential sources is roughly equivalent to shutting down the app.
>
> Web application firewalls are failing at similar filtering tasks,
> given the variability and ease of masking the JNDI exploit text strings.
>
>
>
More information about the Info-vax
mailing list