Log4j CVE (non)-impact
peter.schober at univie.ac.at
Sun Dec 12 20:17:35 UTC 2021
* Peter Schober <peter.schober at univie.ac.at> [2021-12-12 21:13]:
> * Pavel Šipoš <pavel.sipos at arnes.si> [2021-12-12 14:04]:
> > Is the Shibboleth SP (3.2.3 or older) safe from log4j exploit too?
> The log4cpp (and log4shib) config may be inspired (or outright copied)
> from log4j but the implementation is different.
"Log4cpp is modeled after the Log4j Java library, staying as close to
their API as is reasonable."
I doubt that includes cross-platform code to replicate the log4j
plugin that enables the exploits via LDAP / JNDI. ;)
More information about the users