[英]multiple webapp with Log4j log file on a single apache server
[英]Can Apache HTTP Server allow reverse shelling thanks to the new Log4j vulnerability?
I have an Apache HTTP Server installed on a Centos 8 machine, I would like to know if it uses the Log4j library by virtue of the new vulnerability discovered that is compromising many servers on the web. 如果是这样,解决的程序是什么? From my analysis I could see from the repository (svn.apache.org/repos/asf/httpd/httpd/) that the language used is C, XML so I imagine that it does not use Log4j for tracking the logs, but projects those与有源模块有关。 谢谢你。
不, Apache httpd
和Apache log4j
除了都由 ZE9713AE04A02A827 基金会发布之外没有任何共同点。
Apache log4j
由 Java 编写的软件使用。Apache httpd
没有写在 Java 中。Apache httpd
不使用 Apache log4j。Apache httpd
不受CVE-2021-44228 约束。 Note that an Apache httpd
instance could be used as a reverse proxy in front of an http server using Java and log4j, but that's like saying a router is vulnerable because there's a server somewhere behind it that is.
您还可以在使用 log4j 的盒子上运行其他软件,但这不会是Apache httpd
直接。
There's a lot of confusion around because many people call Apache httpd
just Apache
(for historical reasons), but Apache
is the foundation which publishes Apache httpd
and Apache log4j
(and dozens of other projects).
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.