How to find if Log4J is installed in my server

A critical vulnerability (CVE-2021-44228) was identified on the popular log4j logger library used by a lot of popular Java applications. The remote code execution (RCE) vulnerability allows attackers to gain access to the server by getting the application to log a special string.

Apache Log4j versions 2.0-beta9 to 2.14.1 are affected by this critical vulnerability.

To find if Log4J installed on your server, run

Example

In the above result, the server has an application SoapUI-5.4.0, that use Log4J. But the version is older than 2.0, so not affected by this vulnerability.

If your server has any application, that uses Log4J and it uses a vulnerable version, you need to upgrade it to the latest version.

Leave a Reply

Your email address will not be published. Required fields are marked *