log4j-detector

detect JMS configuration in log4j 1.2.x

Open maxpunktezahl opened this issue 3 years ago • 1 comments

Hi,

for log4j 1.x mitigation it could be important to scan whether the file log4j.properties contains the string "JMS", because content like

#configuring the custom logger
log4j.logger.com.apress.logging.log4j=DEBUG, JMS

#configuring the JMS appender
log4j.appender.JMS=org.apache.log4j.net.JMSAppender
log4j.appender.JMS.topicConnectionFactoryBindingName=TopicConnectionFactory
log4j.appender.JMS.topicBindingName=loggingTopic

in log4j.properties could be a vulnerability for log4j 1.x

And log4j.properties can be part of a jar or war file

Thx a lot 4 log4j_detector!

Andreas

maxpunktezahl, Dec 17 '21 16:12

Neat idea!

juliusmusseau, Dec 17 '21 20:12
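One way to implement the check requested in this issue, as an added Python example that is not log4j-detector's own code: it looks for log4j.properties inside jar/war files, including nested ones, and reports active lines that assign org.apache.log4j.net.JMSAppender to an appender. Matching the appender class rather than the bare string "JMS" is a choice made here so that commented-out lines are ignored; the function names and the in-memory sample archive are constructed for illustration, and backslash line continuations are not handled.

```python
import io
import re
import zipfile

APPENDER = "org.apache.log4j.net.JMSAppender"
# key, optional '=' or ':' separator, value; comment lines (# or !) cannot match
PROP = re.compile(r"^(log4j\.appender\.[^\s=:]+)\s*[=:]?\s*(\S+)\s*$")

def jms_appender_lines(text):
    """Return (line_no, line) for active lines that set an appender to JMSAppender."""
    lines = [(no, raw.strip()) for no, raw in enumerate(text.splitlines(), 1)]
    return [(no, ln) for no, ln in lines
            if (m := PROP.match(ln)) and m.group(2) == APPENDER]

def scan_archive(data, origin):
    """Scan jar/war/ear/zip bytes, recursing into nested archives."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            where, lower = f"{origin}!/{name}", name.lower()
            if lower.rsplit("/", 1)[-1] == "log4j.properties":
                text = zf.read(name).decode("iso-8859-1")
                findings += [(where, no, ln) for no, ln in jms_appender_lines(text)]
            elif lower.endswith((".jar", ".war", ".ear", ".zip")):
                try:
                    findings += scan_archive(zf.read(name), where)
                except zipfile.BadZipFile:
                    pass  # misnamed file, not an archive
    return findings

# Constructed sample: part of the configuration quoted in the issue.
SAMPLE = """log4j.logger.com.apress.logging.log4j=DEBUG, JMS
log4j.appender.JMS=org.apache.log4j.net.JMSAppender
log4j.appender.JMS.topicBindingName=loggingTopic
"""
def build_sample_war():
    def zipped(files):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            for name, content in files.items():
                zf.writestr(name, content)
        return buf.getvalue()
    jar = zipped({"log4j.properties": SAMPLE})
    return zipped({"WEB-INF/lib/app.jar": jar,  # second entry is commented out
                   "WEB-INF/classes/log4j.properties": "#" + SAMPLE.splitlines()[1]})

if __name__ == "__main__":
    print(*scan_archive(build_sample_war(), "sample.war"), sep="\n")
```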