log4j-core-2.16.0.jar
Mathew, Sunil
smathew at hbs.edu
Wed Jun 7 16:19:22 UTC 2023
Hi All,
We are using shib-idp:4.2.1_20220624 docker image in AWS.
Qualys is complaining about the existence of this file:
/usr/local/tomcat/bin/log4j-core-2.16.0.jar
relates to this CVE: https://nvd.nist.gov/vuln/detail/CVE-2021-45105 - description from Qualys:
[Image]
How can I remediate this vulnerability?
Regards,
Sunil
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20230607/f27967b7/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 473024 bytes
Desc: image001.png
URL: <http://shibboleth.net/pipermail/users/attachments/20230607/f27967b7/attachment-0001.png>
More information about the users
mailing list