I am trying to upgrade my log4j version to 2.15.0. This should take me a while as I have to upgrade other stuff as well. My question is does dropping ldap callbacks on both 363 and 636 ports on my server will prevent the log4shell attack?
Asked
Active
Viewed 200 times
0
-
This may benefit from similar question at https://stackoverflow.com/questions/70440185/log4j-backward-compatibility (can jar be replaced without any further development required?) – PaoloC Jan 19 '22 at 12:11
1 Answers
3
I am afraid not as the attacker can specify a different port in the attack string.
Ceki
- 26,753
- 7
- 62
- 71