Log4J vulnerability #8052
-
|
I have not found any signs of log4j in the netbox code and I am almost sure that the netbox is not affected by the log4j vulnerability but I wanted to ask officially. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 8 replies
-
|
log4j is a java library. Netbox is written in python, so no it is not vulnerable. |
Beta Was this translation helpful? Give feedback.
-
|
Redis is also not written in java as it says in your link, not sure what your point is. |
Beta Was this translation helpful? Give feedback.
-
|
Nginx is also not vulnerable: https://support.f5.com/csp/article/K19026212 |
Beta Was this translation helpful? Give feedback.
-
Well, Log4J has been ported and supports multiple languages including C, C++, Python, etc. |
Beta Was this translation helpful? Give feedback.
-
|
No, they are not called log4j, and they most definitely don't support jndi. Please let your security team handle this guys, there's clearly some basic knowledge missing here. |
Beta Was this translation helpful? Give feedback.
-
Thank you for the clarification. You are quite correct. |
Beta Was this translation helpful? Give feedback.
-
|
thanks for the feedback |
Beta Was this translation helpful? Give feedback.
-
|
You might be running the web service using apache (httpd) if yes then you will need to apply a mitigation. |
Beta Was this translation helpful? Give feedback.
-
|
No! Apache httpd is not written in java. Apache is a software foundation, which has hundreds of projects under its name. The project that is vulnerable is Apache log4j, which has nothing to do with the Apache http server. Again I would strongly advise that you consult your security team or an expert consultant if you have no experience. |
Beta Was this translation helpful? Give feedback.
log4j is a java library. Netbox is written in python, so no it is not vulnerable.