Question

Filename of log4j is 1.2.17, Microsoft Defender detects 2.x

  • 22 December 2021
  • 6 replies

Userlevel 1
Badge +2

Responding to the threat posed by log4j, I am reading semi-constantly that IFS app 9 is not affected.

However, we have confirmed that the log4j jar file is named with 1.2.17 versioning, and yet when we both

  • Run Defender
  • Investigate the source data

the indication is that the file is in fact 2.xx, specifically in this 2.12.1. This is revealed in META-INF/maven/log4j/log4j/pom.properties. See picture below

Also, your KBA says:

where when we check the file, we find Lookups as an option/folder.

So our question: how and why does our WD pick this up, despite log4j not supporting it in 1.2.xx?

This leads me to believe that somewhere along the way, someone updated this.

Can you verify?

Thanks, Antony



6 replies

Userlevel 5
Badge +17

I would suggest you post this question on the bulletin 

 

Userlevel 1
Badge +2

Thanks, I tried that first; but the bulletin is closed :-( hence my question here. 
 

 

Userlevel 7
Badge +30

Hi @hhanse, @Markus Sandin 
Could you kindly help out to clarify this concern or tag who would be able to?
Thanks & Best Regards,
Yasas 

Userlevel 5
Badge +10

Hi,

I actually saw this really strange thing as well. It seems Oracle has repackaged the log4j-1.2.17.jar to also contain parts of a 2.x log4j.
But as the strangely modified log4j-1.2.17.jar file is in the mw_home\mws\oracle_common folder it is safe. It's not used in runtime.
This folder is mentioned as safe in the Verification part of the mitigation of Apps10.

Scanning tools are very good, but it is difficult to interpret the result - often many "false truths".

   /Henrik 
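The mismatch discussed in this thread can be checked directly, as an added example that is not part of the original posts or of any IFS, Oracle or Microsoft tooling: it compares the version in a jar's file name with the version declared in its embedded `pom.properties` and lists any classes from the log4j 2.x Lookups package. The function names are hypothetical and the sample jar is constructed in memory; only the file name, the `pom.properties` path and the version 2.12.1 come from the thread.

```python
import io
import os
import re
import zipfile

LOOKUP_PKG = "org/apache/logging/log4j/core/lookup/"  # log4j-core 2.x Lookups package

def inspect_jar(source, name=None):
    """Compare the version in a jar's file name with what its contents declare.

    source: path or binary file object; name: file name if source is not a path.
    """
    name = name or os.path.basename(source)
    m = re.search(r"-(\d+(?:\.\d+)+)\.jar$", name)
    name_version = m.group(1) if m else None
    declared = {}  # pom.properties entry -> version it declares
    with zipfile.ZipFile(source) as jar:
        entries = jar.namelist()
        for entry in entries:
            if re.fullmatch(r"META-INF/maven/.+/pom\.properties", entry):
                text = jar.read(entry).decode("utf-8", "replace")
                for line in text.splitlines():
                    key, sep, value = line.partition("=")
                    if sep and key.strip() == "version":
                        declared[entry] = value.strip()
    return {
        "name_version": name_version,
        "declared": declared,
        "lookup_classes": [e for e in entries
                           if e.startswith(LOOKUP_PKG) and e.endswith(".class")],
        "mismatch": any(v != name_version for v in declared.values()),
    }

def build_sample_jar():
    """Constructed sample: a jar whose contents mimic what the thread describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/maven/log4j/log4j/pom.properties",
                     "#constructed sample\nversion=2.12.1\ngroupId=log4j\n")
        jar.writestr(LOOKUP_PKG + "JndiLookup.class", b"")  # empty placeholder entry
        jar.writestr("org/apache/log4j/Logger.class", b"")  # 1.x-style entry
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(inspect_jar(build_sample_jar(), name="log4j-1.2.17.jar"))
```

A result with `mismatch` set and a non-empty `lookup_classes` list explains why a content-based scanner reports 2.x for a file named 1.2.17; whether the jar is loaded at runtime is a separate question that this check does not answer.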

Userlevel 1
Badge +2

Hey Henrik,

Thanks for your answer.

Safe to say we can just quarantine this file in our IFS and IFS test environments then without any known errors?

If so, then it kinda closes the book for us on this (using IFS 9 onprem)

Thanks again, 

Anthony

Userlevel 5
Badge +10

Hi,
Oracle and therefore IFS states it’s not used in runtime, so it should be ok to remove or “quarantine” it. 
/Henrik