WF Patch for Log4j Exploit?

walkerca Jan 7, 2020 2:36 PM

Hi,

Is there a patch for NVD - CVE-2019-17571 ? Is it just a matter of repacking org.jboss.log4j.logmanager with the latest log4j?

It looks like there is a ServerSocket.class packed with the module up to WF 18.

Thanks,

Carl

1. Re: WF Patch for Log4j Exploit?

walkerca Jan 10, 2020 4:08 PM (in response to walkerca)

It looks like this issue written against EAP

[JBEAP-16119] CVE-2017-5645 - log4j-core - Remote Code Execution (RCE) - Red Hat Issue Tracker
Actions
2. Re: WF Patch for Log4j Exploit?

walkerca Jan 13, 2020 10:38 AM (in response to walkerca)

This is a related ticket, but about Log4J 2. I asked if the 2019 Log4J vulnerability would be addressed.

[WFCORE-482] Add log4j2 support for WildFly - Red Hat Issue Tracker
Actions