On 11/12/2021 00:41, Naresh Annangar wrote:
Hi Team,
While checking for CVE-2021-44228, we noticed the presence of Log4j v1.2.17
packaged along with Tomcat.
Noticed where?
Tomcat version?
Download location?
Mark
Log4j lists 1.x as unsupported. Is there any
analysis or information available if this is vulnerable or exploitable?
Regards,
Naresh
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
