DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j
Versioning - This is the latest version.
1 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/10/2021 9:52:42 AM |
2 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/10/2021 10:21:09 AM |
3 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/11/2021 10:06:23 AM |
4 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/11/2021 10:07:46 AM |
5 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 7:45:47 AM |
6 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 8:44:24 AM |
7 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 10:57:04 AM |
8 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/13/2021 11:21:29 AM |
9 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/14/2021 9:37:56 AM |
10 | Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/16/2021 1:04:25 PM |
11 | DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j | 12/16/2021 3:19:21 PM |
Description
Warnings & Limitations:
- This Analysis parses results generated by the related Task "Vulnerability Scan: Log4j CVE-2021-44228"
- That Task uses shell scripts with 'dir /s' on Windows or 'find' on Linux/UNIX. It only identifies vulnerable files matching the file name pattern. Log4j libraries that have been renamed or embedded in other JAR, WAR, EAR, or ZIP files are not detected.
- This method is largely superseded by the newer "Log4j-scan / Logpresso" content.
This Analysis parses the results of a scan for vulnerable Log4j files based on CVE-2021-44228.
Versions of Log4j-core lower than 2.15.0 may be vulnerable to CVE-2021-44228 as described at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44228
Versions of Log4j-core lower than 2.16.0 may be vulnerable to CVE-2021-45046 as described at https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45046
Note: CVE-2021-45046 also appears to be patched in Log4j-core-2.12.2.jar, which may be needed to run with JRE 7.
This Analysis parses the results of a filesystem scan executed by the accompanying Task.
Properties reported:
- CVE-2021-44228 - Scan Results Exist - Indicates the scan has been performed on the affected endpoint.
- CVE-2021-44228 - Scan Completion Time - Indicates the time the scan completed, if the scan is not still in progress.
- CVE-2021-44228 - Log4j pathnames - Indicates the file paths where any log4j-core*.jar file has been found.
- CVE-2021-44228 - Log4j potentially vulnerable pathnames - Based on the log4j-core file name, indicates any paths where a version earlier than 2.15.0 may be found.
- CVE-2021-44228 - Log4j path, sha1, and matching known version - For all detected log4j-core-X.jar files, compare the given file to a list of known sha1 hashes and indicate whether the file matches any of the known hashes. This is useful for older BigFix clients that may lack the sha256 inspector.
The comparison between detected files, and known sha256 / sha1 hashes, can be helpful to indicate whether a given file has been replaced by the corrected 2.15.0 version while keeping an earlier version filename for application compatibility.
Update 12/16/2021 .2:
- Updated the 'potentially vulnerable pathnames' property to match versions via regular expression, because the built-in 'as version' cast matched incorrectly on some OS/Platform versions.
Update 12/16/2021:
- Add hash for Log4j-core-2.12.2.jar
- Add hash for Log4j-core-2.16.0.jar
- Include 2.15.0 in the "Potentially Vulnerable" results.
- Exclude 2.12.2 in the "Potentially Vulnerable" results.
Update 12/13/2021:
- Shorter matching product names for sha256 comparison.
- Add sha1 comparison
- Use 'native file' if available, to avoid Wow64 Redirection on 64-bit Windows
Update 12/13/2021.02:
- Avoid `storage folder of client` in favor of `folder(pathname of parent folder of parent folder of client folder of site "actionsite")`, to handle much older BES Client versions.
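The filename-based check behind the 'potentially vulnerable pathnames' property, sketched in Python as an added example (it is not the Analysis's own relevance). The results layout, a list of pathnames with a line starting "SCAN_COMPLETE", the `not_flagged` and `unknown` labels, and the sample paths are assumptions constructed for illustration; the Recycle Bin exclusion follows the comment at the end of this page.

```python
import re

# File name the scan looks for: log4j-core-<major>.<minor>[.<patch>][suffix].jar
JAR_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?[^\\/]*\.jar$", re.I)
FIRST_FIXED = (2, 16, 0)   # page: versions lower than 2.16.0 may be vulnerable
BACKPORTED = {(2, 12, 2)}  # page: 2.12.2 is excluded from the results

def classify(line):
    """Return 'vulnerable', 'not_flagged', 'unknown', or None for skipped lines."""
    path = line.strip()
    if not path or path.startswith("SCAN_COMPLETE"):
        return None                      # marker line (assumed), not a pathname
    if "\\$recycle.bin\\" in path.lower():
        return None                      # deleted file still in the Recycle Bin
    m = JAR_RE.search(path)
    if m is None:
        return "unknown"                 # no version in the name: check by hash
    version = tuple(int(part or 0) for part in m.groups())
    if version in BACKPORTED or version >= FIRST_FIXED:
        return "not_flagged"
    return "vulnerable"                  # numeric compare, so 2.9.1 < 2.16.0

def summarize(lines):
    """Group scan result lines by verdict, dropping skipped lines."""
    report = {"vulnerable": [], "not_flagged": [], "unknown": []}
    for line in lines:
        verdict = classify(line)
        if verdict:
            report[verdict].append(line.strip())
    return report

# Constructed sample results, not output from a real endpoint.
SAMPLE = [
    r"C:\apps\svc\lib\log4j-core-2.14.1.jar",
    r"C:\apps\svc\lib\log4j-core-2.9.1.jar",
    r"C:\apps\old\log4j-core-2.12.2.jar",
    r"C:\apps\new\log4j-core-2.16.0.jar",
    r"C:\$Recycle.Bin\S-1-5-21-0\log4j-core-2.11.0.jar",
    "/opt/app/lib/log4j-core-2.15.0.jar",
    "/opt/app/lib/log4j-core-2.0-beta9.jar",
    "/opt/app/lib/log4j-core.jar",
    "SCAN_COMPLETE 2021-12-16",
]

if __name__ == "__main__":
    for verdict, paths in summarize(SAMPLE).items():
        print(verdict, paths)
```

A `not_flagged` verdict rests on the file name alone, and an `unknown` one has no version to test, which is why the Analysis also compares each file against known sha256 / sha1 hashes.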
Property Details
2998668 | |
Alpha - Code that was just developed | |
DEPRECATED - Vulnerability Scan Results: CVE-2021-44228 Log4j | |
BESC | |
CVE, CVE-2021-44228, Log4j, vulnerability, scan | |
JasonWalker on 12/16/2021 3:19:21 PM | |
JasonWalker on 12/21/2021 11:22:17 AM | |
7537 Views / 147 Downloads | |
Comments
Jason, just want to say a huge thank you. This and the scan have really really helped us out this weekend. Can't thank you enough for my Wintel and Unix team :-) Merry Christmas sunshine
For 'quasi-false positives' where vulnerable files have been deleted but still reside in the Windows 'Recycle Bin', I added this recycle bin check to CVE-2021-44228 - Log4j potentially vulnerable pathnames: it does not start with "SCAN_COMPLETE" and it as lowercase does not contain "\$recycle.bin\"
Hello. If affected files are inside an archive like war, tar, etc., how can I search for them?