Log4shell (CVE-2021-44228) vulnerability scanning

Hello everyone.
I am scanning my hosts looking for any vulnerability related to CVE-2021-44228. In order to accomplish the above, I have used two scan configs:
Using Full & Fast I found two vulnerabilities: “Apache Log4j 2.0.x Multiple Vulnerabilities (HTTP, Log4Shell) - Active Check” and “Apache Log4j 2.0.x Multiple Vulnerabilities (TCP, Log4Shell) - Active Check”, however, I have installed neither Log4J nor JAVA in the scanned hosts, which makes me think it could be a false positive.
In addition, whenever I use the scan config Log4Shell, it only shows 0.0 (Log) results.
Is there any configuration recommended to accurately detect vulnerabilities related to this CVE?

Hi,

I can’t speak to how Greenbone is detecting this vulnerability but I have run the following command (as root) to locate any instances of a log4j jar file on my systems:

      find / -iname 'log4j*'

You may be surprised to find that some package you installed included log4j and also uses Java.

Best,

Geoff

3 Likes

On an associated note, what are the names of the .nasl files that are associated with the scans aimed at detecting Log4JShell? Maybe that can help point the OP in the right direction.

Hi,

Java-Code can be embedded in any jar file, so that will not help you at all.

2 Likes