-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Catching log4j 1.x also ? #14
Comments
Hi, i'll check if it doesn't bloat the tool too much with hashes and i'll consider it. The tool is mainly focussed on finding |
|
Adding hostname is a good idea, will add that to the script regardless. |
I have started collecting hashes from samples of 1.x JMSAppender.class
Could you review these? I would be keen on adding 1.x support |
I added These are the MD5 hashes, and they match what you already had:
If have not looked into the log4j 1.x further yet, is there any reason why you chose |
Quick Googling on XMSappender.class log4j CVE bring this page up. https://www.kb.cert.org/vuls/id/930724 |
I have done a bit of For
For
Ofcourse we also need to consider how unique the class name is between other Java projects. |
This would be good, also in the light of CVE-2021-4104 |
Hi
I found following string not reported by log4j-finder.
please consider to catch log4j 1.x jar also.
Thanks
The text was updated successfully, but these errors were encountered: