[druid-user] How do I determine which hardware device and software has log4j zero-day security vulnerability?

Good day from Singapore,

I am working for a Systems Integrator (SI) in Singapore. We have several clients writing in, requesting us to identify log4j zero-day security vulnerability in their corporate infrastructure.

It seems to be pretty difficult to determine which hardware device and which software has the vulnerability. There seems to be no lists of hardware devices and software affected by the flaw any where on the internet.

Could you refer me to definitive documentation/guides on how to identify log4j security flaw in hardware devices and software?

Thank you very much for your kind assistance.

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 16 Dec 2021, is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a Systems Integrator (SI)/computer firm in Singapore. He is an IT enthusiast.

Hi Ceo or is it Teo,

It is not a hardware problem, it is a software issue in the log4j java library.

When it comes to Apache Druid, you can find detailed information about the vulnerability and mitigation tactics here:

Sergio

Hi,
The page is not accessible anymore. What is the problem?
Jun

Sorry about that. The new website organization just got published, here’s the updated link:

Sergio

Hi,

I am aware it is not a hardware problem. But some hardware may contain software which has the log4j flaw.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
19 Dec 2021 Sunday

Thanks for the link.

Regards,

Mr. Turritopsis Dohrnii Teo En Ming
Targeted Individual in Singapore
19 Dec 2021 Sunday