Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Does log4j security violation vulnerability affect log4net?

Tags:

java

c#

security

log4j

log4net

I have recently read about the zero-day issue in Log4J. I work with a few applications, written with .NET, that use the log4net logging library, which is based on Log4j.

Does log4net have any similar security vulnerabilities as the CVE-2021-44228 vulnerability to Log4j?

like image 549
FooAnon Avatar asked Dec 13 '21 15:12

FooAnon

People also ask

Is log4net affected by Log4j vulnerability?

It has been discovered that older versions of Log4j are also vulnerable to CVE-2021-4104. Read more about this update by selecting the following link: CVE - CVE-2021-4104. See product specific sections for mitigation steps.

Does log4net use Log4j?

The Apache log4net library is a tool to help the programmer output log statements to a variety of output targets. log4net is a port of the excellent Apache log4j™ framework to the Microsoft® .

What is affected by the Log4j vulnerability?

The observed attacks from the Apache Log4j vulnerabilities are mostly coin mining, remote shells, red-team activities, and mass-scanning.

Is log4net secure?

Is log4net thread-safe? Yes, log4net is thread-safe.

Does log4net have any cve-2021-44228 vulnerabilities like Log4j?

Does log4net have any similar security vulnerabilities as the CVE-2021-44228 vulnerability to Log4j? Show activity on this post. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. So, no. Log4Net is fine. Show activity on this post.

What is the Apache Log4j vulnerability?

Understand the risks it poses and the steps to take to secure your enterprise systems against potential associated threats. On December 9, the Apache Software Foundation released a security advisory addressing a remote code execution vulnerability (CVE-2021-44228) affecting its Log4j Java-based logging utility.

Is log4net based on Log4j?

I work with a few applications, written with .NET, that use the log4net logging library, which is based on Log4j. Does log4net have any similar security vulnerabilities as the CVE-2021-44228 vulnerability to Log4j?

Is it safe to use log4j-core?

Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. So, no. Log4Net is fine.

2 Answers

Vulnerability Details: CVE-2021-44228 (CVE Details) and CVE-2021-44228 (CVE) have the following note:

Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

So, no. Log4Net is fine.

like image 107
David Avatar answered Sep 28 '22 07:09

David

Apparently it has to use JNDI and JVM. Ports are clear if they don't use those.

Does CVE-2021-44228 impact Log4j ports?

like image 22
heimzza Avatar answered Sep 28 '22 07:09

heimzza
Sign in to Comment

Related questions

Should I do `Thread.currentThread().interrupt()` before `throw new InterruptedIOException()`?
Using TreeTranslator to rename functions not working for Kotlin
How to test internet speed (JavaSE)?
MVP: Should the View implement a Presenter's interface or vice versa?
Is there a java equivalent of the python eval function?
Interpreting JavaScript in Java with Rhino: pausing/resuming scripts
How to scale NodeJS linearly on multiple cores?
Adding photos to gallery in Google Play Newsstand
"AnalyticsReceiver is not registered or is disabled."
Error while creating own jar library for Android project
FileAlreadyExistsException with REPLACE_EXISTING option
Can I throw a custom error if a hystrix-protected call times out?
Application crashes only in release version
How to make option menu appear on bottom of the screen?
Task com.google.firebase.a.v rejected from java.util.concurrent.ThreadPoolExecutor
Spring RedisConnectionFactory with transaction not returning connection to Pool and then blocks when exhausted
Java Swing app looks tiny on high-DPI screen when it should be scaled to normal size
What are the differences between javadoc.jar, sources.jar and .jar?
How to fix "Failed to notify build listener" error?
Is it dead code in LinkedHashMap in JDK11?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!