Protection Engine REST API component hotfix for Log4j 2 v2.17.2
search cancel

Protection Engine REST API component hotfix for Log4j 2 v2.17.2

book

Article ID: 238072

calendar_today

Updated On:

Products

Protection Engine for NAS Protection Engine for Cloud Services

Issue/Introduction

You want to know if below CVE numbers will be addressed in RestAPI.
CVE-2019-17571, CVE-2022-23305, CVE-2021-4104, CVE-2022-23302, CVE-2020-9488

They are all log4j, but they are all related to "/usr/local/tomcat/webapps/restapi/WEB-INF/lib/log4j-1.2.17.jar", log4j version 1. The SPE REST API runs on v1 and that's been EOL since 2015
This hot fix includes latest log4j2 version 2.17.2. All traces of older log4j version 1.2.17 has been removed.

SPE Scan REST API component hotfix has been updated with the latest version of log4j2 v2.17.2. This version has fixes for all known vulnerabilities till now.
The log4j configuration file has been changed as per new version (2.17.2) of log4j2.

Documentation for these log4j2 configurations are mentioned in attached zip - SPE_Scan_REST_API_HF01\hf-01\docs\SPE-REST-API-Guide.pdf file.

Contents of the package: restapi.war
Platforms Supported: Platform independent (Fix in Java war file)

Environment

Symantec Protection Engine

Resolution

Application procedure of hotfix is as follows:

1. Stop the Apache Tomcat service.
2. Go to 'webapps' folder of Apache Tomcat install location, for example <Base_Install_Location>\Apache Software Foundation\Tomcat 9.0\webapps (normally on Windows, Tomcat is installed at similar locations). On Linux install location can be different.
3. Take backup of restapi.war and delete restapi.war and restapi folder from 'webapps' folder location.
4. Put new restapi.war file provided with this hotfix at the same location.
5. Ensure the permission to newly copied files are identical to backed-up files.
6. Start Apache Tomcat service.

Attachments

SPE_Scan_REST_API_HF01_1648791307810.zip get_app