nessus
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
APACHE_LOG4J_JDNI_LDAP_GENERIC.NBIN
History: Dec 10, 2021 - 12:00 a.m.

Apache Log4j Message Lookup Substitution RCE (Log4Shell) (Direct Check)

www.tenable.com

A remote code execution vulnerability exists in Apache Log4j < 2.15.0 due to insufficient protections on message lookup substitutions when dealing with user-controlled input. A remote, unauthenticated attacker can exploit this via a web request to execute arbitrary code with the permission level of the running Java process.

The plugin relies on callbacks from the target being scanned and hence any firewall rules or interaction with other security devices will affect the efficacy of the plugin. The plugin will also not yield results on Tenable.io and customers are encouraged to use plugin IDs 155999, 156000, 156001, and 156002 instead when scanning with Tenable.io. We continue to explore options for additional detection.

This plugin will have the scanner listen for the callback on a random port in the 50000 to 60000 range.

Binary data apache_log4j_jdni_ldap_generic.nbin
Vendor    Product    Version
apache    log4j