WebLogic Server 184.108.40.206, 220.127.116.11, and 14.1.1 Scanner Reports Related to Log4j Version 1.x Files
(Doc ID 2907413.1)
Last updated on FEBRUARY 27, 2023
Applies to:Oracle WebLogic Server - Version 18.104.22.168.0 to 22.214.171.124.0 [Release 12c to 14c]
Information in this document applies to any platform.
- This applies to WebLogic Server (only) 126.96.36.199, 188.8.131.52, and 14.1.1 installations.
- This document does not include a Fusion Middleware Infrastructure or other Fusion Middleware installations.
The purpose of this document is to help answer questions about Log4j Version 1.x (log4jv1) jars in WebLogic Server (only) 184.108.40.206, 220.127.116.11, and 14.1.1 installations. Oracle has publicly documented fixes over time for log4j-related security vulnerabilities in Oracle products at https://www.oracle.com/security-alerts/ , including WebLogic Server fixes for log4jv1 security vulnerabilities. Although these fixes have been delivered as described, security scanners may report the presence of log4jv1 jars in WebLogic Server installations with quarterly Critical Patch Update (CPU) patches applied. This may lead to questions about whether log4jv1 vulnerabilities are still present, and/or requests for additional explanations.
- For the latest WebLogic Server CPU requirements, see Doc ID 2806740.2 - Critical Patch Update (CPU) Patch Advisor for Oracle Fusion Middleware
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document
|WebLogic Server 18.104.22.168|
|WebLogic Server 22.214.171.124|
|WebLogic Server 126.96.36.199|