Apache log4j vulnerability on REPLACED folders
search cancel

Apache log4j vulnerability on REPLACED folders

book

Article ID: 231849

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager

Issue/Introduction

While testing for vulnerable versions of the Apache log4j libraries, some are found in the REPLACED folder, even after patching for the vulnerability.

Environment

Release : 17.3

Component :

Resolution

Files in the REPLACED folder structure are merely backups of those replaced during the patch install.

They're not in the executable library path, so shouldn't cause a problem. However, if you wish to zip up / backup / delete them to stop the scanner setting an alarm of, you're welcome to do so.