Hey , i have a Microsoft Exchange Serer 2016 that i am testing and time to time Log4j active Http plugin reports a False positive.
script name “Apache Log4j 2.0.x Multiple Vulnerabilities (HTTP, Log4Shell) - Active Check”
I was wondering if it is only me that encounters this or there are other reported False positives for this plugin?
Thank you.
Hi @winterk,
I’d like to check something before I pass this on, by time to time do you mean that it’s being inconsistent in that some scans are fine and others are showing the false positive (sorry if this sounds like a simple question but want to clarify). Thanks!
Yes, correct. through the past 3 months i had it twice detected out of ~ 45 scans
I got the same problem
I updated the scanner from version 22.7.3 to version 22.7.9
and began to receive a huge number of false positive alerts
Apache Log4j 2.0.x Multiple Vulnerabilities (TCP, Log4Shell) - Active Check
Apache Log4j 2.0.x Multiple Vulnerabilities (UDP, Log4Shell) - Active Check
Apache Log4j 2.0.x Multiple Vulnerabilities (HTTP Web Root, Log4Shell) - Active Check
If issues like this are showing up after updating the underlying software stack (e.g. the scanner in this case) please open a new issue over here:
This category is only used for the VT / NASL side. AFAICT nothing changed on that side since many months so it could be possible that some kind of bug got introduced on software stack side in between these versions causing this new behavior.
Edit Ref for the newly created issue: