Apache Log4j Vulnerability
#1
Apache Log4j Vulnerability
I'm attempting to find out if X-Cart has been affected by the Log4j vulnerability in any way. I have reached out to the X-Cart support team about this issue and did not receive a response.
I have run the scanner manually on the core X-Cart application. As expected, the core X-Cart application was not affected by this vulnerability. I cannot run the scanner on the APIs that X-Cart or X-Payments use, and do not maintain control over these items. Did anyone reach out and receive a statement from the X-Cart team about the Log4j vulnerability and how X-Cart was impacted?
Reference: CISA Apache Log4j Vulnerability Guidance
#2
Re: Apache Log4j Vulnerability
Good luck waiting for a useful, tested response from the X-Cart support team...
Not 100% sure about fully verifying APIs, but you could use the two tools linked from here, if you wish to dig deeper: https://www.infoworld.com/article/3644492/how-to-detect-the-log4j-vulnerability-in-your-applications.html
__________________
Dev Store & Live Store XC Business 5.4.1.35 Server; Ubuntu 22.04.2 LTS (HWE 6.2.0.26.26 Kernel) / Plesk Obsidian Nginx 1.20.4 / Apache 2.4.52 (Ubuntu Backported) / MariaDB 10.11.4 / PHP 7.4.33
#3
Re: Apache Log4j Vulnerability
Unless you run log4j on your server, your server shouldn't be affected by this issue, should it? And log4j being a Java application, I don't see how X-Cart, which is based on PHP/JavaScript, can be affected.
__________________
X-cart 5.2.12, php 5.6 Ed from Grenoble, France
#4
Re: Apache Log4j Vulnerability
Okay, thank you, that's unfortunate to hear. I appreciate the added resources. I used the CISA scanner from the original post to scan the web server and X-Cart app.
Yes, X-Cart is a PHP-based platform which wouldn't directly be affected by this vulnerability. Though many backend services use Java, which makes this vulnerability so dangerous. For example, cPanel was affected. I'm mostly wondering how X-Payments was impacted, and if they have reached out to the API services that are used in the XC/ Qualiteam modules. As there are a lot of RESTful services that were built with Java.
X-Cart forums © 2001-2020