Is Log4jShell exploitable for a simple Java CLI
1 point by ninju on Jan 4, 2022 | 1 comment
Everything I’ve been reading about the log4j shell vulnerability has the assumption that the process is a flavor of a ‘webserver’ (i.e. a long-running process that listens on ports).

I have a simple Java process that executes a series of operations (e.g. file manipulations), logs the processing with log4j and then terminates. Is there any exposure to injection in this scenario?

Not trying to avoid mitigation or remediation tasks, but trying to prioritize my workload.



If someone/something can affect what is sent to/processed by your instance of log4j, then your code is vulnerable. It is important to understand that Log4j has more to do with Java than 'web servers':

- Some web servers might use log4j, but most don't use it as a standard component/module.
- Log4j is a very popular module for logging purposes when using Java.
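As an added triage example (not part of the original thread), the sketch below checks the channels through which outside data reaches a batch-style CLI job (arguments, environment, file names, file contents) for Log4j 2 `${...}` lookup syntax. The function name `audit_inputs` and all sample data are constructed for illustration; a hit only shows that such text can arrive at the job, and whether it is evaluated depends on the Log4j version and configuration.

```python
import re

# Any "${...}" is Log4j 2 lookup syntax. Matching the opener rather than one
# specific lookup name means nested or re-cased forms are still flagged.
LOOKUP = re.compile(r"\$\{[^}]*\}")


def audit_inputs(argv, env, files):
    """Return (channel, name, snippet) for every input carrying lookup syntax.

    argv  : list of command-line arguments
    env   : dict of environment variables
    files : dict mapping file name -> text content the job will read
    """
    findings = []

    def check(channel, name, text):
        match = LOOKUP.search(text)
        if match:
            findings.append((channel, name, match.group(0)))

    for index, arg in enumerate(argv):
        check("argv", f"arg[{index}]", arg)
    for key, value in env.items():
        check("env", key, value)
    for fname, content in files.items():
        # File names are data too: a job that logs "processing <name>"
        # passes the name straight to the logger.
        check("filename", fname, fname)
        for lineno, line in enumerate(content.splitlines(), 1):
            check("content", f"{fname}:{lineno}", line)
    return findings


# Constructed sample inputs for a job that processes a drop folder.
SAMPLE_ARGV = ["--in", "/data/inbox"]
SAMPLE_ENV = {"JOB_LABEL": "nightly"}
SAMPLE_FILES = {
    "report-2022-01-04.csv": "id,name\n1,alice\n",
    "upload-${env:USER}.csv": "id,name\n2,${java:version}\n",
}

if __name__ == "__main__":
    for finding in audit_inputs(SAMPLE_ARGV, SAMPLE_ENV, SAMPLE_FILES):
        print(finding)
```

If none of these channels can be written by anyone other than the job's operator, the job ranks lower in the patch queue than anything that logs third-party data.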



