DEVHIDE
Login Or Sign up

How to find log4shell vulnerable classes in my assemblies (jar/ear/war)

254 Views Asked by At

Around the current log4shell situation i need a way to find out if i have vulnerable classes in my packaged products. What is the easiest way to find if the following classes are contained in jar files packaged in EAR or WAR files?

  • JndiLookup.class
  • JMSAppenderBase.class
  • JMSAppender.class
java security log4j log4shell
Original Q&A
1

There are 1 best solutions below

0
On BEST ANSWER

One solution would be the following bat script:

@echo off
echo extraction step 1
"C:\Program Files\7-Zip\7z.exe" e -r -aos -bd -otmp *
echo creating filelist
"C:\Program Files\7-Zip\7z.exe" l -r -aos -bd tmp/* >filelist.txt
echo cleanup
rmdir /s /q tmp
echo analysis result:
find "JndiLookup.class" filelist.txt
find "JMSAppenderBase.class" filelist.txt
find "JMSAppender.class" filelist.txt
pause

Related Questions in JAVA

Related Questions in SECURITY

Related Questions in LOG4J

Related Questions in LOG4SHELL

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.