[Info-vax] Java, log4j, log4shell, and OpenVMS: CVE-2021-44228
Arne Vajhøj
arne at vajhoej.dk
Fri Jan 7 09:12:44 EST 2022
On 1/7/2022 3:05 AM, Phillip Helbig (undress to reply) wrote:
> In article <61d7945c$0$694$14726298 at news.sunsite.dk>,
> =?UTF-8?Q?Arne_Vajh=c3=b8j?= <arne at vajhoej.dk> writes:
>
>> On 1/6/2022 8:02 PM, John Reagan wrote:
>>> The trouble is that log4j is at such a low level, it is buried in packages that are
>>> buried in other packages that are buried in even more packages. It might take a
>>> while for all of that to be squeezed out.
>>
>> Yep.
>>
>> A large portion of impacted users do not know that they are using log4j.
>>
>> Heck - some of them may not even know they are using Java.
>
> Some might not even know that they are using a computer. :-)
For the cases I was thinking about - storage systems running some
management software - then they would know they were using a computer.
Arne
More information about the Info-vax
mailing list