I-Apache Software Foundation ipapashe ingxelo eshwankathelayo malunga neeprojekthi ezichaphazelekayo ngomngcipheko obalulekileyo kwi-Log4j 2 evumela ukuba ikhowudi engafanelekanga iqhutywe kumncedisi. Ezi projekthi zilandelayo ze-Apache zichatshazelwa ngulo mba: I-Archiva, iDruid, i-EventMesh, i-Flink, i-Fortress, i-Geode, i-Hive, i-JMeter, i-Jena, i-JSPWiki, i-OFBiz, i-Ozone, i-SkyWalking, i-Solr, i-Struts, i-TrafficControl, kunye ne-Calcite Avatica. Ukuba sesichengeni kukwachaphazele iimveliso ze-GitHub, kuquka i-GitHub.com, i-GitHub Enterprise Cloud, kunye ne-GitHub Enterprise Server.
Iiprojekthi ze-Apache ezingachatshazelwanga ngumngcipheko we-Log4j 2: Apache Iceberg, Guacamole, Hadoop, Log4Net, Spark, Tomcat, ZooKeeper kunye ne-CloudStack.
Abasebenzisi beepakethe ezinengxaki bayacetyiswa ukuba bafakele uhlaziyo olukhawulezileyo kubo, bahlaziye ngokwahlukeneyo uguqulelo lweLog4j 2, okanye usete iparamitha yeLog4j2.formatMsgNoLookups ibe yinyani (umzekelo, ngokongeza iqhosha elithi “-DLog4j2.formatMsgNoLookup=True” ekuqaleni) . Ukuvala ubungozi kwiinkqubo apho kungekho ukufikelela ngokuthe ngqo, isitofu sokugonya se-Logout4Shell sacetywa, esithi, ngohlaselo, sisete useto lweJava "log4j2.formatMsgNoLookups = true", "com.sun.jndi.rmi.object. trustURLCodebase = ubuxoki" kunye ne "com.sun.jndi.cosnaming.object.trustURLCodebase = ubuxoki" ukuvala ukubonakaliswa okungaphezulu kobuthathaka kwiinkqubo ezingalawulwayo.
Kwiintsuku zakutshanje, kubekho ukwanda okukhulu kwemisebenzi enxulumene nokuxhaphazwa kwabantu abasengozini. Umzekelo, iCheck Point ibhale phantsi izenzo zayo zobuxoki iiseva Kwincopho yayo, yayijongene nemizamo yokuxhaphaza emalunga ne-100 ngomzuzu, kwaye iSophos ibike ngokufunyanwa kwe-botnet entsha yokumba imali ye-cryptocurrency eyenziwe kwiinkqubo ezinobuthathaka obungachazwanga kwiLog4j 2.
Ukongezwa:
- Ubuthathaka buqinisekisiwe kwimifanekiso emininzi yeDocker esemthethweni, kubandakanya imifanekiso ye-couchbase, elasticsearch, flink, solr, storm, njl.
- Ubuthathaka bukhona kwimveliso yeMongoDB Atlas Search.
- Lo mbandela uchaphazela iimveliso ezininzi zeCisco, kuquka iSeva yeeNtlanganiso zeCisco Webex, iCisco CX Cloud Agent, iCisco Advanced Web Reporting Security, Cisco Firepower Threat Defense (FTD), Cisco Identity Services Engine (ISE), Cisco CloudCenter, Cisco DNA Centre, Cisco BroadWorks kwaye nangokunjalo.
- Umba ukhona kwi-IBM WebSphere Application Server, kunye nakwezi mveliso zilandelayo ze-Red Hat: I-OpenShift, i-OpenShift Logging, i-OpenStack Platform, i-Integration Camel, i-CodeReady Studio, i-Data Grid, i-Fuse, kunye ne-AMQ Streams.
- Umba uqinisekisiwe kwi-Junos Space Network Management Platform, i-Northstar Controller / Planner, iParagon Insights / Pathfinder / Planner.
- Uninzi lweOracle, vmWare, Broadcom kunye neemveliso zeAmazon nazo ziyachaphazeleka.
umthombo: opennet.ru
