On Tue, Dec 14, 2021 at 10:59 AM David Gibbs via MIDRANGE-L <
midrange-l@xxxxxxxxxxxxxxxxxx> wrote:

On 12/14/21 7:01 AM, Mayer, Michael via MIDRANGE-L wrote:

One thing to keep in mind ... some vendors repackage jar's so their
product is included in a single jar, with all the required classes
included (either as classes or jar's with a special class loader).

This is going to make it very difficult to detect if the vulnerable
classes are used.



This is true. AND sometimes their jars are themselves buried in .war and
.ear files.

PLUG: Us IBM i engineers at Absolute Performance can help with searching
for this stuff, also on Windows, Linux, AIX ...


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.