[masraum]

Quote:

Originally Posted by Scott R

That was anything that ran Apache, from Windows, to Linux to Sun, to P-series.

Yes, log4j was, I know, we had to confirm that ever piece of network kit that we had was not impacted.

The point of posting was more about the first section that I've bolded. If any OS, computer [mac, win, *nix], cisco, firewalls, juniper, etc.... used the offending library/package/module, then it was impacted.

But there are plenty of holes that ONLY affect windows or iPhone IOS or android or....

Quote:

When there’s a security hole in an operating system or a popular browser, it typically affects just the users of that operating system or that browser. The publisher works up a new version that patches the hole, pushes out an update, and all’s well.

Log4j is different. It’s not an operating system, or a browser, or even a program. Rather, it’s what coders call a library, or a package, or a code module. It serves one purpose—keeping a log of what happens on a server.

People writing code want to focus on what makes their program unique. They don’t want to re-invent the wheel. So, they rely on endless libraries of existing code, such as Log4j. The Log4j module comes from Apache, which is the most widely used web server software. And that’s why it’s found on millions of servers.