Atozed Forums
Suspected Log4j vulnerability traffic - Printable Version

+- Atozed Forums (https://www.atozed.com/forums)
+-- Forum: Atozed Software Products (https://www.atozed.com/forums/forum-1.html)
+--- Forum: IntraWeb (https://www.atozed.com/forums/forum-3.html)
+---- Forum: English (https://www.atozed.com/forums/forum-16.html)
+----- Forum: IntraWeb General Discussion (https://www.atozed.com/forums/forum-4.html)
+----- Thread: Suspected Log4j vulnerability traffic (/thread-2587.html)



Suspected Log4j vulnerability traffic - pgnair - 12-14-2021

Yesterday we got Suspected Log4j vulnerability traffic in one of our intraweb application.

We are using this Log4j in the intraweb 15.2.27? If yes kindly advise the version?


RE: Suspected Log4j vulnerability traffic - Alex Samdv - 12-14-2021

Gute Frage. Ich möchte auch gern wissen


RE: Suspected Log4j vulnerability traffic - kudzu - 12-14-2021

Log4j is a JAVA library. To my knowledge IntraWeb does not rely on Java in any fashion at all. IntraWeb uses Javascript, but not Java.

"suspected" are AV tools ways of saying "we dont know, we are just guessing"

Unless you have added Log4J usage yourself, there should be no usage of it that I can see.


RE: Suspected Log4j vulnerability traffic - Alex Samdv - 12-15-2021

(12-14-2021, 06:29 PM)kudzu Wrote: Log4j is a JAVA library. To my knowledge IntraWeb does not rely on Java in any fashion at all. IntraWeb uses Javascript, but not Java.

"suspected" are AV tools ways of saying "we dont know, we are just guessing"

Unless you have added Log4J usage yourself, there should be no usage of it that I can see.

Thank you. I think also


RE: Suspected Log4j vulnerability traffic - Alexandre Machado - 12-20-2021

(12-14-2021, 01:21 AM)pgnair Wrote: Yesterday we got Suspected Log4j vulnerability traffic in one of our intraweb application.

We are using this Log4j in the intraweb 15.2.27? If yes kindly advise the version?

HI Pramod,

I'd love to know who pointed out about this suspected activity 

Sometimes I think auditors just make up some stuff to look they are doing their job :-)


RE: Suspected Log4j vulnerability traffic - Alexandre Machado - 12-20-2021

BTW, IntraWeb does not use a single library, code or binary made in Java.

There is ZERO chance to use anything even remotely related to Log4J


RE: Suspected Log4j vulnerability traffic - kudzu - 12-20-2021

This. Smile