[
https://issues.apache.org/jira/browse/LOG4J2-3233?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17459649#comment-17459649
]
Boris commented on LOG4J2-3233:
-------------------------------
Greetings.
The checksum of the most prevalent version we have is
[wasadmin@wtuffo0106 NOV-TSTB-AppSrv01]$ sum
installedApps/NOV-TSTB-DmgrCell01/custom-webapp_war.ear/custom-webapp.war/WEB-INF/lib/log4j-6.07.00.jar
07586 350
[wasadmin@wtuffo0106 .log4hcheck]$ cp -p
../installedApps/NOV-TSTB-DmgrCell01/custom-webapp_war.ear/custom-webapp.war/WEB-INF/lib/log4j-6.07.00.jar
.
[wasadmin@wtuffo0106 .log4hcheck]$ /opt/tstb/WebSphere/AppServer/java/bin/jar
xvf log4j-6.07.00.jar META-INF
created: META-INF/
inflated: META-INF/MANIFEST.MF
[wasadmin@wtuffo0106 .log4hcheck]$ more META-INF/MANIFEST.MF
Manifest-Version: 1.0
Ant-Version: Apache Ant 1.6.4
Created-By: 1.3.1_16-b06 (Sun Microsystems Inc.)
Name: org/apache/log4j/
Implementation-Title: log4j
Implementation-Version: 1.2.13
Implementation-Vendor: "Apache Software Foundation"
> Log4j 1.x.xx vulnerability assessment
> -------------------------------------
>
> Key: LOG4J2-3233
> URL: https://issues.apache.org/jira/browse/LOG4J2-3233
> Project: Log4j 2
> Issue Type: Bug
> Components: log4j 1.2 emulation, Log4j-to-SLF4J
> Environment: PRODUCTION
> Reporter: Ram Subramanian
> Priority: Major
>
> Hi Team,
>
> We are running legacy decade old applications using log4j 1.2.13 and log4j
> 1.2.17 , log4j 1.3.xx and 1.4.xx
>
> Question:
> are the above older log4j 1.xx versions been impacted by the security
> vulnerability for log4j2
>
> Any help and clarity is much appreciated
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
