Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

detect JMS configuration in log4j 1.2.x #47

Open
maxpunktezahl opened this issue Dec 17, 2021 · 1 comment
Open

detect JMS configuration in log4j 1.2.x #47

maxpunktezahl opened this issue Dec 17, 2021 · 1 comment

Comments

@maxpunktezahl
Copy link

maxpunktezahl commented Dec 17, 2021
edited
Loading

Hi,

for log4j 1.x mitigation it could be important, to scan for the file log4j.properties contens the string "JMS" because of

content like

#configuring the custom logger
log4j.logger.com.apress.logging.log4j=DEBUG, JMS

#configuring the JMS appender
log4j.appender.JMS=org.apache.log4j.net.JMSAppender
log4j.appender.JMS.topicConnectionFactoryBindingName=TopicConnectionFactory
log4j.appender.JMS.topicBindingName=loggingTopic

in log4j.properties could be a vulnaribility for log4j 1.x

And log4j.properties can be part of a jar or war file

Thx a lot 4 log4j_detector!

Andreas
@juliusmusseau
Copy link
Contributor

Neat idea !

@juliusmusseau juliusmusseau changed the title a little feature request detect JMS configuration in log4j 1.2.x Dec 20, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maxpunktezahl @juliusmusseau