Hi Team, While checking for CVE-2021-44228, we noticed the presence of Log4j v1.2.17 packaged along with Tomcat. Log4j lists 1.x as unsupported. Is there any analysis or information available if this is vulnerable or exploitable?
Regards, Naresh
- Tomcat Use of Log4j v1.2.17 Naresh Annangar
- Re: Tomcat Use of Log4j v1.2.17 Mark Thomas
