Question

Filename of log4j is 1.2.17, Microsoft Defender detects 2.x

  • December 22, 2021
  • 6 replies
  • 255 views


Responding to the threat posed by log4j, I am reading semi-constantly that IFS app 9 is not affected.

However, we have confirmed that the log4j jar file is named with 1.2.17 versioning, and yet when we both

  • Run Defender
  • Investigate the source data

the indication is that the file is in fact 2.xx, specifically in this case 2.12.1. This is revealed in META-INF/maven/log4j/log4j/pom.properties. See picture below.

Also, your KBA says:

where when we check the file, we find Lookups as an option/folder.

So our question: how and why does our WD pick this up, despite log4j not supporting it in 1.2.xx?

This leads me to believe that somewhere along the way, someone updated this.

Can you verify?

Thanks, Antony

This topic has been closed for comments

6 replies

Jonas Feigl
Superhero (Employee)
  • 260 replies
  • December 23, 2021

I would suggest you post this question on the bulletin 

 



Thanks, I tried that first; but the bulletin is closed :-( hence my question here. 
 

 


Yasas Kasthuriarachchi
Superhero (Employee)

Hi @hhanse, @Markus Sandin 
Could you kindly help out to clarify this concern or tag who would be able to?
Thanks & Best Regards,
Yasas 


  • Hero (Employee)
  • 173 replies
  • January 4, 2022

Hi,

I actually saw this really strange thing as well. It seems Oracle has repackaged the log4j-1.2.17.jar to also contain parts of a 2.x log4j.
But as the strangely modified log4j-1.2.17.jar file is in the mw_home\mws\oracle_common folder it is safe. It's not used in runtime.
This folder is mentioned as safe in the Verification part of the mitigation of Apps10.

Scanning tools are very good, but it is difficult to interpret the result - often many "false truths".

   /Henrik 
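
Added example, not part of the original thread and not IFS or Oracle code: a small Python check that compares the version in a jar's file name with the version declared in its embedded `META-INF/maven/.../pom.properties`, and reports whether the 2.x lookup package is present. The sample jar is constructed in memory; its contents (including the `groupId`/`artifactId` lines and the placeholder class entries) are assumptions modelled on what the thread describes, not the real file.

```python
import io
import re
import zipfile

# Class that implements the JNDI lookup in log4j-core 2.x
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"

def inspect_jar(filename, data):
    """Compare the version in a jar's file name with what its contents declare."""
    name_match = re.search(r"-(\d+(?:\.\d+)+)\.jar$", filename)
    report = {
        "filename_version": name_match.group(1) if name_match else None,
        "pom_versions": {},        # pom.properties path -> declared version
        "has_lookup_package": False,
        "has_jndi_lookup": False,
    }
    with zipfile.ZipFile(io.BytesIO(data)) as jar:
        for entry in jar.namelist():
            if entry.startswith("META-INF/maven/") and entry.endswith("/pom.properties"):
                text = jar.read(entry).decode("utf-8", "replace")
                for line in text.splitlines():
                    if line.startswith("version="):
                        report["pom_versions"][entry] = line.split("=", 1)[1].strip()
            if "/log4j/core/lookup/" in entry:
                report["has_lookup_package"] = True
            if entry == JNDI_LOOKUP:
                report["has_jndi_lookup"] = True
    declared = set(report["pom_versions"].values())
    # Mismatch: embedded metadata names a version other than the file name's
    report["mismatch"] = bool(declared) and declared != {report["filename_version"]}
    return report

def build_sample_jar(pom_version="2.12.1", with_lookup=True):
    """Constructed sample jar (in memory); contents are assumptions, not the real file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/maven/log4j/log4j/pom.properties",
                     f"groupId=log4j\nartifactId=log4j\nversion={pom_version}\n")
        jar.writestr("org/apache/log4j/Logger.class", b"")  # empty placeholder
        if with_lookup:
            jar.writestr(JNDI_LOOKUP, b"")                   # empty placeholder
    return buf.getvalue()

if __name__ == "__main__":
    for key, value in inspect_jar("log4j-1.2.17.jar", build_sample_jar()).items():
        print(f"{key}: {value}")
```

To inspect a file on disk, pass its name and the bytes read from it to `inspect_jar`; a mismatch only says the jar's contents disagree with its name, and whether the jar is loaded at runtime has to be established separately.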


hhanse wrote:

Hi,

I actually saw this really strange thing as well. It seems Oracle has repackaged the log4j-1.2.17.jar to also contain parts of a 2.x log4j.
But as the strangely modified log4j-1.2.17.jar file is in the mw_home\mws\oracle_common folder it is safe. It's not used in runtime.
This folder is mentioned as safe in the Verification part of the mitigation of Apps10.

Scanning tools are very good, but it is difficult to interpret the result - often many "false truths".

   /Henrik 

Hey Henrik,

Thanks for your answer.

Safe to say we can just quarantine this file in our IFS and IFS test environments then without any known errors?

If so, then it kinda closes the book for us on this (using IFS 9 onprem)

Thanks again, 

Anthony


  • Hero (Employee)
  • 173 replies
  • January 24, 2022

Hi,
Oracle and therefore IFS states it’s not used in runtime, so it should be ok to remove or “quarantine” it. 
/Henrik 
 

