Log4j concern on apache2 webserver

arimakidd

4/14/23, 1:38 PM

Given all the hype with the Log4j vulnerability I would like to know if my apache2 installation is vulnerable. I searched for Log4j* files and only one came up:

/usr/lib/python3/dist-packages/ansible_collections/community/windows/tests/integration/targets/win_xml/files/log4j.xml

Am I vulnerable? This appears to be a version one and I'm thinking I can rename it? Am I vulnerable?

This seems to be part of the distribution package for ansible_collections. Looks like a file more for Windows hosts. But I'd like to get a second opinion.

0 + 0

server

security

apache2

webserver

Organic Marble

4/14/23, 2:00 PM

An update to fix it came out today: https://www.ubuntuupdates.org/package/core/focal/universe/security/apache-log4j2 My (boringly static) apache2 website didn't need the update.

rtaft

4/14/23, 2:11 PM

Log4J is for Java, Apache2 is not Java. You would need to be running some other service that is using Java, like Tomcat, or Jetty, etc.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Log4j concern on apache2 webserver

TH: ความกังวล Log4j บนเว็บเซิร์ฟเวอร์ apache2

RO: Îngrijorare Log4j pe serverul web apache2

RU: Проблема Log4j на веб-сервере apache2

VI: Mối quan tâm của Log4j trên máy chủ web apache2

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.