TechQA.

How to find log4shell vulnerable classes in my assemblies (jar/ear/war)

248 views Asked by At

Around the current log4shell situation i need a way to find out if i have vulnerable classes in my packaged products. What is the easiest way to find if the following classes are contained in jar files packaged in EAR or WAR files?

  • JndiLookup.class
  • JMSAppenderBase.class
  • JMSAppender.class
java security log4j log4shell
Original Q&A
1

There are 1 answers

0
fl0w On BEST ANSWER

One solution would be the following bat script:

@echo off
echo extraction step 1
"C:\Program Files\7-Zip\7z.exe" e -r -aos -bd -otmp *
echo creating filelist
"C:\Program Files\7-Zip\7z.exe" l -r -aos -bd tmp/* >filelist.txt
echo cleanup
rmdir /s /q tmp
echo analysis result:
find "JndiLookup.class" filelist.txt
find "JMSAppenderBase.class" filelist.txt
find "JMSAppender.class" filelist.txt
pause

Related Questions in JAVA

Related Questions in SECURITY

Related Questions in LOG4J

Related Questions in LOG4SHELL

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions