WebLogic Server 12.2.1.3, 12.2.1.4, and 14.1.1 Scanner Reports Related to Log4j Version 1.x Files
(Doc ID 2907413.1)
Last updated on JULY 20, 2024
Applies to:
Oracle WebLogic Server - Version 12.2.1.3.0 to 14.1.1.0.0 [Release 12c to 14c]Information in this document applies to any platform.
- This applies to WebLogic Server (only) 12.2.1.3, 12.2.1.4, and 14.1.1 installations.
- This document does not include a Fusion Middleware Infrastructure or other Fusion Middleware installations.
Purpose
The purpose of this document is to help answer questions about Log4j Version 1.x (log4jv1) jars in WebLogic Server (only) 12.2.1.3, 12.2.1.4, and 14.1.1 installations. Oracle has publicly documented fixes over time for log4j-related security vulnerabilities in Oracle products at https://www.oracle.com/security-alerts/ , including WebLogic Server fixes for log4jv1 security vulnerabilities. Although these fixes have been delivered as described, security scanners may report the presence of log4jv1 jars in WebLogic Server installations with quarterly Critical Patch Update (CPU) patches applied. This may lead to questions about whether log4jv1 vulnerabilities are still present, and/or requests for additional explanations.
- For the latest WebLogic Server CPU requirements, see Doc ID 2806740.2 - Critical Patch Update (CPU) Patch Advisor for Oracle Fusion Middleware
Details
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Purpose |
Details |
WebLogic Server 12.2.1.3 |
WebLogic Server 12.2.1.4 |
WebLogic Server 14.1.1.0 |
References |