Home > OS >  Does log4j security violation vulnerability affect log4net?
Does log4j security violation vulnerability affect log4net?

Time:12-18

I have recently read about the 0 day issue in Log4J. I work with a few applications, written with .NET, that use the log4net logging library, which is based on Log4j.

Does log4net have any similar security vulnerabilities as the CVE-2021-44228 vulnerability to log4j?

CodePudding user response:

So appearently is has to use JNDI and JVM. Ports are clear if they don't use those.

https://security.stackexchange.com/questions/257873/does-cve-2021-44228-impact-log4j-ports

CodePudding user response:

No, it is specific to Log4j-core. Please see, https://nvd.nist.gov/vuln/detail/CVE-2021-44228

CodePudding user response:

Does log4net have any similar security vulnerabilities as the CVE-2021-44228 vulnerability to log4j?

I don't believe so. If they did, it would be a coincidence. I don't think they share code.

CodePudding user response:

https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2021-44228

and

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-44228

have the following note:

Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

So, no. Log4Net is fine.

Page link:https//www.codepudding.com/os/232176.html

Prev:How can I make it difficult for me to modify my own code?
Next:How to check special conditions before saving data with Hibernate
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding