Can dovecot be leveraged to exploit Solr/Log4shell?
Jochen Bern
Jochen.Bern at binect.de
Wed Dec 15 17:21:30 UTC 2021
On 15.12.21 08:45, Alessio Cecchi wrote:
> SOLR_OPTS="$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true"
> and should be enough to prevent this vulnerability.
Possibly not anymore, see CVE-2021-45046 ("re-opened" CVE-2021-44228 for
v2 prior to 2.16.0) and CVE-2021-4104 (variant for v1, in the meantime -
at least by Red Hat - downgraded to *not* be a *Remote* Code Execution
(RCE) vuln) ...
Regards,
--
Jochen Bern
Systemingenieur
Binect GmbH
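
An added example, not part of the message above or of any Dovecot or Solr tooling: a POSIX shell check that lists the log4j-core jars under a directory and marks those below 2.16.0, the version boundary the reply gives for CVE-2021-45046. It assumes jars keep their upstream `log4j-core-<version>.jar` file names; the function names are hypothetical.

```sh
#!/bin/sh
# Added example. Assumption: the version is read from the jar file name, so
# renamed or shaded copies of log4j-core will not be reported.

# version_lt A B: exit 0 if dotted version A is numerically lower than B.
# Runs in a subshell so its working variables do not leak into the caller.
version_lt() (
    a=$1 b=$2
    for field in major minor patch; do
        x=${a%%.*} y=${b%%.*}
        # Consume the leading field; an exhausted version counts as 0.
        case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
        case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
        # Drop non-numeric suffixes such as "-beta9".
        x=${x%%[!0-9]*} y=${y%%[!0-9]*}
        if [ "${x:-0}" -lt "${y:-0}" ]; then exit 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then exit 1; fi
    done
    exit 1   # equal versions are not "lower than"
)

# scan_log4j DIR: print "<status> <version> <path>" for each log4j-core jar.
# Status is relative to 2.16.0 only; it says nothing about other issues.
scan_log4j() {
    find "$1" -type f -name 'log4j-core-*.jar' 2>/dev/null | sort |
    while IFS= read -r jar; do
        ver=${jar##*/log4j-core-}
        ver=${ver%.jar}
        if version_lt "$ver" 2.16.0; then
            echo "pre-2.16.0 $ver $jar"
        else
            echo "2.16.0-or-later $ver $jar"
        fi
    done
}

# Stand-alone use: pass the directory to scan (for example a Solr install path).
if [ "$#" -gt 0 ]; then scan_log4j "$1"; fi
```

A jar reported as `pre-2.16.0` is one for which, per the reply above, the `formatMsgNoLookups` setting may no longer be enough on its own.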