![](/img/trans.png)
[英]multiple webapp with Log4j log file on a single apache server
[英]Can Apache HTTP Server allow reverse shelling thanks to the new Log4j vulnerability?
I have an Apache HTTP Server installed on a Centos 8 machine, I would like to know if it uses the Log4j library by virtue of the new vulnerability discovered that is compromising many servers on the web. 如果是這樣,解決的程序是什么? From my analysis I could see from the repository (svn.apache.org/repos/asf/httpd/httpd/) that the language used is C, XML so I imagine that it does not use Log4j for tracking the logs, but projects those與有源模塊有關。 謝謝你。
不, Apache httpd
和Apache log4j
除了都由 ZE9713AE04A02A827 基金會發布之外沒有任何共同點。
Apache log4j
由 Java 編寫的軟件使用。Apache httpd
沒有寫在 Java 中。Apache httpd
不使用 Apache log4j。Apache httpd
不受CVE-2021-44228 約束。 Note that an Apache httpd
instance could be used as a reverse proxy in front of an http server using Java and log4j, but that's like saying a router is vulnerable because there's a server somewhere behind it that is.
您還可以在使用 log4j 的盒子上運行其他軟件,但這不會是Apache httpd
直接。
There's a lot of confusion around because many people call Apache httpd
just Apache
(for historical reasons), but Apache
is the foundation which publishes Apache httpd
and Apache log4j
(and dozens of other projects).
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.