Is Log4j exploitable outside of a webserver
Everything I’ve being reading about the log4j shell vulnerability all have the assumption that process is a flavor of a ‘webserver’ (i.e. a long running process that listens on ports)
So my question is the exploitability of log4j vulnerability if the application is one of the following short-lived JAVA code
1) Basic JAVA app that uses log4j for debug logging
2) SpringBoot application but with WebApplicationType.NONE[1]
[1] https://docs.spring.io/spring-boot/docs/current/api/org/springframework/boot/WebApplicationType.html
Not trying to avoid mitigation or remediation tasks but trying to prioritize my workload
Thanks
yes it is only on any thing using apache JIRA+webserverzzz so it could really WORK on springboot